our openfire installation can no longer authenticate clients with gssapi. We enabled debugging, but server side debug logs contain nothing even mentioning gssapi / kerberos / sasl authentication.
using wireshark we were able to get some information:
update spark to 2.7.x and try again. If you’re already at 2.7.x, check the java version that you are using on both the server and client. if openfire is using java 8, this will break sso, and you’ll need to downgrade to java 7. If the client is running java 8, and if your using DES for your kerberos key, then you’ll need to add allow_weak_crypto=true in the clients krb5.ini
I asked about this issue on their forums. People said that Miranda NG GSSAPI work normal if openfire server (3.10.0) installed on windows, but I have linux-based infrastracture.
guess I owe you a beer! strange that it doesn’t work. In my test, I found that something change in 7_80 and above that broke sso, but I’m running everything on windows.
sounds like maybe a bug when openfire is running on linux. It might be worth trying the included jre instead of java7_79, but something tells me that prob wont work either!