help-gsasl

jabberd2 sasl auth with gsasl, gss and shishi


From: Andrés More
Subject: jabberd2 sasl auth with gsasl, gss and shishi
Date: Tue, 1 Nov 2011 12:23:06 -0300

Hi,

I'm trying to put together the latest versions of jabberd2, gsasl, gss and shishi.
I would like to authenticate XMPP clients accessing Jabberd2 through Kerberos.

http://ftp.gnu.org/gnu/shishi/shishi-1.0.0.tar.gz
http://ftp.gnu.org/gnu/gss/gss-1.0.1.tar.gz
http://ftp.gnu.org/gnu/gsasl/gsasl-1.6.1.tar.gz

I've manually compiled all the stuff, 'make check' is passing
everywhere [1], I've set up a shisa DB and I can use shishi to get
tickets as expected. However, when trying to use Jabberd2 SASL it won't
list GSSAPI or GS2-KRB5 as available mechanisms.

I think I've isolated the issue by using the gsasl command [2]. It is
not listing GSSAPI when asking for --server-mechanisms. I've tried to
follow the code callbacks in gsasl and gss without success...

What can I do to find out more troubleshooting information? I've read
most of what I've found on the web but I'm still lost [3]. I apologize
in advance if I'm not reaching the right mailing list.

Thanks!

-- Andres

[1]
BTW, I've found that the gsasl_nonce test needs too much entropy so
I had to install rng-tool, so it won't run properly in a VM.

Self test `./simple' finished with 0 errors
PASS: simple
gsasl_nonce
^C
$ cat /proc/sys/kernel/random/entropy_avail
14

[2]
$ gsasl --client-mechanisms
Enter base64 encoded tls-unique channel binding: 123
This client supports the following mechanisms:
ANONYMOUS EXTERNAL LOGIN PLAIN SECURID NTLM DIGEST-MD5 CRAM-MD5 GSSAPI GS2-KRB5
$ gsasl --server-mechanisms
Enter base64 encoded tls-unique channel binding: 123
Enter GSSAPI service name (e.g. "imap"): xmpp
Enter hostname of server: gentoo
This server supports the following mechanisms:
ANONYMOUS EXTERNAL LOGIN PLAIN SECURID DIGEST-MD5 CRAM-MD5

[3]
The output example at the end of the shishi manual walk-through does
not make sense to me, maybe I'm missing something there.
http://www.gnu.org/s/shishi/manual/shishi.html 'we illustrate using
the TGS service as well'


