iChat Server, SRV records and Digest-MD5
Hi all,
So I have a server, let's say "jabber.example.com", and in my DNS I have some SRV records that map jabber.tcp, xmpp-client.tcp and xmpp-server.tcp to this server.
Now, I go to Server Admin for jabber.example.com, and in the iChat configuration, I set "example.com" as the Host Domain.
The DNS for jabber.example.com is correctly set-up, as are the SRV records. jabber.example.com is happy with its hostname too.
What I find when I do this is that I can't log-in to the iChat server with JIDs of the form "user@example.com". Nor can I log-in with JIDs like "user@jabber.example.com", but that's expected and I don't want to do that.
If I change the Host Domain to "jabber.example.com", then I can log-in using "user@jabber.example.com", but not with "user@example.com". I want the latter.
If I comment-out the digest-md5 mechanism from the SASL mechanisms in c2s.xml and set the Host Domain back to "example.com", things work how I want. I'm using SSL, so there's no particular problem using the SASL plain mechanism, though I'd rather not.
Surely this is a bug? How is one supposed to configure things so that users get JIDs like their e-mail addresses (i.e. with a domain rather than a full host name)? Surely digest-md5 should work with such a set-up?
Any insight?
Kind regards,
Alastair.
So I have a server, let's say "jabber.example.com", and in my DNS I have some SRV records that map jabber.tcp, xmpp-client.tcp and xmpp-server.tcp to this server.
Now, I go to Server Admin for jabber.example.com, and in the iChat configuration, I set "example.com" as the Host Domain.
The DNS for jabber.example.com is correctly set-up, as are the SRV records. jabber.example.com is happy with its hostname too.
What I find when I do this is that I can't log-in to the iChat server with JIDs of the form "user@example.com". Nor can I log-in with JIDs like "user@jabber.example.com", but that's expected and I don't want to do that.
If I change the Host Domain to "jabber.example.com", then I can log-in using "user@jabber.example.com", but not with "user@example.com". I want the latter.
If I comment-out the digest-md5 mechanism from the SASL mechanisms in c2s.xml and set the Host Domain back to "example.com", things work how I want. I'm using SSL, so there's no particular problem using the SASL plain mechanism, though I'd rather not.
Surely this is a bug? How is one supposed to configure things so that users get JIDs like their e-mail addresses (i.e. with a domain rather than a full host name)? Surely digest-md5 should work with such a set-up?
Any insight?
Kind regards,
Alastair.
Mac OS X (10.6.2)
