On that matter: Can anybody recommend XMPP clients that support GSSAPI/SASL/Kerberos user authentication?
I'd really love to implement thorough self hosted SSO infrastructure that authenticates against a crypto token (Yubikey, Nitrokey, GPG smartcard). Doing this for e-mail and SSH logins is straightforward (BT;DT). And the Prosody documentation is promising with that respect, so the server side should be doable as well. But on the XMPP client side all I can find are some maillist posts where people supposedly got it working with Pidgin, but no howtos or similar to be found.
One thing that I also want to implement is kerberized OAuth and OpenID; however there are only very few services where you can actually log in with something other than Google, Twitter or Facebook – StackExchange used to offer login via custom OpenID, but they removed that a few years ago.
XMPP/Jabber + OTR