#930 Documentation improvements for Cyrus SASL GSSAPI
What steps will reproduce the problem?
1. read the doc https://prosody.im/doc/cyrus_sasl
What is the expected output? What do you see instead?
A bit more doc
What version of the product are you using? On what operating system?
0.9.12 on Ubuntu 16.04
Please provide any additional information below.
When using the GSSAPI authentication method:
* on the Kerberos KDC server, create a principal "xmpp/host_fqdn@EXAMPLE.COM" (host_fqdn must be the reverse DNS of your XMPP server, not its virtualhost name)
* create a keytab with "xmpp/host_fqdn@EXAMPLE.COM" in, say, /etc/prosody/im.example.com.keytab that is readable only by prosody
* in /etc/prosody/prosody.cfg.lua : set cyrus_service_realm to im.example.com and cyrus_server_fqdn to host_fqdn (the reverse DNS of your XMPP server)
* in /etc/sasl/prosody.conf or /etc/sasl2/prosody.conf (more exactly, /etc/sasl/$cyrus_service_name.conf), put:
* its location does not seem to depend on the distribution (even in Ubuntu, for example, Prosody searches for both /etc/sasl/prosody.conf and /etc/sasl2/prosody.conf).
Thanks for the report to improve our documentation.
Nobody on the Prosody has deployment experience with Cyrus SASL. Prosody's code largely just reuses Cyrus SASL for everything. For example, when you say "Prosody searches for both /etc/sasl/prosody.conf and /etc/sasl2/prosody.conf" it is actually Cyrus SASL doing this searching, not our code.
It seems like you have some knowledge on the subject however! If you are willing to share, we'd gladly accept changes. The source file for this page is simple Markdown and you can find it here: https://hg.prosody.im/site/file/tip/doc/cyrus_sasl.md
If you're unfamiliar with Mercurial and patches, that is no problem - you can just send a new copy of the file.