RootAdmin: OpenFire server Kerberos authentication GSSAPI

Guest

Good day.
For a week now I have been fighting with the following setup: an AD domain with controllers running MS 2003, and a server running Debian Lenny with OpenFire 3.6.4.
The OpenFire database is in MySQL.
Integration with AD via LDAP is configured, and naturally authentication as well.
The clients are various versions of Miranda on WinXP.
All of this has been running for half a year without problems.
But I wanted to get transparent authentication, so that office users would not have to enter their domain password into the client.
I did everything according to the docs from http://www.igniterealtime.org, and the configuration came up fine.
But! SSO works only for a user with an English login. With a Russian one it does not work at all, although with PLAIN it works. (And it worked before, too.)
For the English user test:
<div class='indent'>Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is test@(ÔÕÔ ÄÏÍÅÎ)
Commit Succeeded

DirectSound Capture Supported = true
JavaSound Capture Supported = false
Service listing
Socks 5 Bytestreams Proxy-result
Publish-Subscribe service-result
Public Chatrooms-result
Initialized
</div>
For the Russian user тест:
<div class='indent'>Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is ÔÅÓÔ@(ôÕÔ ÄÏÍÅÎ)
Commit Succeeded
</div>
And that is all... I have already racked my brain over it.
Unfortunately, I know Java at the level of "I have seen similar code somewhere".

In the server debug log when logging in with the Russian login via SSO:
<div class='indent'>2010.02.23 11:19:22 SASLAuthentication: SaslException
javax.security.sasl.SaslException: Handshake expecting no response data from server
at com.sun.security.sasl.gsskerb.GssKrb5Server.doHandshake1(GssKrb5Server.java:169)
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:128)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:296)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:165)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:133)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:185)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.lang.Thread.run(Thread.java:619)
</div>
With the English one:
<div class='indent'>2010.02.23 12:03:39 NIOConnection: startTLS: using c2s
2010.02.23 12:03:39 AuthorizationManager: Trying Default Policy.authorize(test , test@(ôÕÔ ÄÏÍÅÎ))
2010.02.23 12:03:39 DefaultAuthorizationPolicy: Checking authenID realm
2010.02.23 12:03:39 DefaultAuthorizationPolicy: authenRealm = sasl.realm
2010.02.23 12:03:39 LdapManager: Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: DC="(äÏÍÅÎ)",DC="ru"...
2010.02.23 12:03:39 LdapManager: Creating a DirContext in LdapManager.getContext()...
2010.02.23 12:03:39 LdapManager: Created hashtable with context values, attempting to create context...
2010.02.23 12:03:39 LdapManager: ... context created successfully, returning.
2010.02.23 12:03:39 LdapManager: Starting LDAP search...
2010.02.23 12:03:39 LdapManager: ... search finished
2010.02.23 12:03:39 LdapManager: Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: DC="(домен)",DC="ru"...
2010.02.23 12:03:39 LdapManager: Creating a DirContext in LdapManager.getContext()...
2010.02.23 12:03:39 LdapManager: Created hashtable with context values, attempting to create context...
2010.02.23 12:03:39 LdapManager: ... context created successfully, returning.
2010.02.23 12:03:39 LdapManager: Starting LDAP search...
2010.02.23 12:03:39 LdapManager: ... search finished
2010.02.23 12:03:39 LdapManager: Creating a DirContext in LdapManager.getContext()...
2010.02.23 12:03:39 LdapManager: Created hashtable with context values, attempting to create context...
2010.02.23 12:03:39 LdapManager: ... context created successfully, returning.
</div>
Has anyone run into this?
Kerberos works, everything seems to be fine...