Date:      Thu, 29 Mar 2012 16:30:22 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        Kaya Saman <kayasaman@gmail.com>
Cc:        freebsd-ports@FreeBSD.org
Subject:   Re: jabberd port doesn't come with any certificates and is not allowing authorization?
Message-ID:  <4F74800E.6070503@FreeBSD.org>
In-Reply-To: <CAPj0R5%2B9%2BgNR1n8pL6qopGJcMZipZn=b=aR=sP_yY7VFo0q=ew@mail.gmail.com>
References:  <CAPj0R5%2B9%2BgNR1n8pL6qopGJcMZipZn=b=aR=sP_yY7VFo0q=ew@mail.gmail.com>


On 29/03/2012 15:45, Kaya Saman wrote:
> I've recently built the jabberd port and upgraded to the latest version: 2.x

Actually jabberd2 (net-im/jabberd) is a completely different
project to jabberd14 (net-im/jabber) -- it's not "upgrading" so much as
switching to a different piece of software.

In any case, jabberd2 is the correct choice: it is being actively
developed and is keeping abreast of the various XMPP extensions that are
being published.

> I'm having major problems in configuring it though and was wondering
> if someone could either give me a hand or help me generate
> certificates for it which are mentioned in the config file but not
> within the /usr/local/etc/jabberd directory.
>
>
> I'm experiencing this issue:
>
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032] connect
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] got pre STARTTLS packet, dropping
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032]
> disconnect jid=unbound, packets: 1

Your client is attempting to switch its connection to using TLS.  This
is good, especially if you are using a SASL method of LOGIN or PASSWORD
-- otherwise it would send passwords across the net in plain text.

> This is my realm information:
>
>
>     <id realm='jabber.com'
>         pemfile='/usr/local/etc/jabberd/server.pem'
>         verify-mode='0'
>         cachain='/usr/local/etc/jabberd/client_ca_certs.pem'
>         require-starttls='false'
>         register-enable='true'
>         instructions='Enter a username and password to register with
> this server.'
>         register-oob='http://srv.jabber.com/register'
>         password-change='true'
>     >jabber.com</id>
>     <!-- or the default host
>     <id password-change='mu' /> -->
>
>
> jabber.com may publicly exist however, this is a trial done in Vbox
> and totally offline just so I can understand the necessary mechanisms
> involved as to learn how the jabberd server functions!

You've got both 'register-enable' and 'register-oob' -- you probably
don't want both of those, unless you do have an out-of-band method to
create user accounts.

Presumably you have created the required server x509 certificate.  If
you're doing it on the cheap, that means a self-signed certificate.  In
which case there simply won't be a chain of CA certs to worry about.  I'd
also recommend require-starttls='true'

Of course, there's a lot more to setting up jabberd than just this
little section of one of the config files.

> I'm using Pidgin as the IM client who is configured like:
>
> Username: user
> Domain: jabber.com
> Password: <secret>
> Local Alias: user_alias
> Use encrypted connections if available         <<<---***
> Allow plaintext auth over unencrypted streams  <<<---***
> Connect server: srv.jabber.com

Those two marked items are not a good idea.  If you're using login to
authenticate, the SASL libraries expect you to use TLS to secure the
transaction, and the way of least resistance is to do so.

> On the client I keep getting: "Policy Violation" error.
>
>
> It's really weird but there seems to be a lack of documentation as I
> managed to find the stuff for jabberd version 1.4, for version 2.x
> I've followed some URL's:
>
> http://www.jms1.net/jabberd2/
>
> http://www.indiangnu.org/2009/how-to-configure-jabber-jabberd2-with-mysqlpam-as-auth-database/
>
> http://bionicraptor.co/2011/07/25/how-to-encrypt-jabberd2-communications/
>
> http://bionicraptor.co/2011/05/20/how-to-install-and-configure-japperd2-with-mysql/
>
>
> But still nothing is working, I believe it's to do with the security
> as in using encrypted or unencrypted connections but I can't be
> certain... there doesn't seem to be any mysql DB creation script
> either that I could find??

Look in /usr/local/share/doc/jabberd

I originally implemented jabberd2 using a MySQL database, but have
switched to PostgreSQL.  Which RDBMS you use won't make a whole lot of
difference unless your traffic levels grow to pretty enormous levels.
In fact, for a lightly used system, sqlite would be a reasonable choice.

> Is there a fix or am I stuck??

Well, I have jabberd2 up and running quite happily.  I don't remember
setting it up as being particularly traumatic.  I just read the docco,
followed the install guide here:
https://github.com/Jabberd2/jabberd2/wiki/InstallGuide  (which is linked
to from the jabberd2 home page at http://jabberd2.xiaoka.com/) and the
comments in the sample .xml files and it all worked fine after the usual
sort of testing and debugging.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
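
Added example, not part of the original message and not jabberd2 code: a small check that applies the three pieces of advice in the reply above (require STARTTLS, don't set both register-enable and register-oob, no CA chain needed with a self-signed certificate) to the <id> element quoted in the thread. The function name audit_ids, the finding codes and the <c2s><local> wrapper around the sample are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <id> element quoted in the thread, placed inside a
# minimal <c2s><local> wrapper (the wrapper is an assumption for this example).
SAMPLE = """<c2s><local>
  <id realm='jabber.com'
      pemfile='/usr/local/etc/jabberd/server.pem'
      verify-mode='0'
      cachain='/usr/local/etc/jabberd/client_ca_certs.pem'
      require-starttls='false'
      register-enable='true'
      instructions='Enter a username and password to register with this server.'
      register-oob='http://srv.jabber.com/register'
      password-change='true'
  >jabber.com</id>
</local></c2s>"""


def audit_ids(xml_text, self_signed=True):
    """Return (host, code, message) findings for every <id> element."""
    findings = []
    for el in ET.fromstring(xml_text).iter("id"):
        host = (el.text or "").strip() or "(default host)"
        attrs = el.attrib
        # Without a pemfile there is no server certificate to present for TLS.
        if not attrs.get("pemfile"):
            findings.append((host, "no-pemfile", "no pemfile attribute set"))
        # The reply recommends require-starttls='true'; this check only compares
        # against that recommended value and assumes nothing about other values.
        if attrs.get("require-starttls", "").lower() != "true":
            findings.append((host, "starttls-not-required",
                             "require-starttls is not 'true'"))
        # Both registration attributes present: only wanted if an out-of-band
        # signup method really exists.
        if "register-enable" in attrs and "register-oob" in attrs:
            findings.append((host, "register-both",
                             "register-enable and register-oob both set"))
        # With a self-signed server certificate there is no CA chain to supply.
        if self_signed and attrs.get("cachain"):
            findings.append((host, "cachain-unneeded",
                             "cachain set although certificate is self-signed"))
    return findings


if __name__ == "__main__":
    for host, code, message in audit_ids(SAMPLE):
        print(f"{host}: {code}: {message}")
```

Pass self_signed=False when the server certificate was issued by a CA and cachain is meant to be there.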





