Date: Thu, 29 Mar 2012 16:30:22 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
To: Kaya Saman <kayasaman@gmail.com>
Cc: freebsd-ports@FreeBSD.org
Subject: Re: jabberd port doesn't come with any certificates and is not allowing authorization?
Message-ID: <4F74800E.6070503@FreeBSD.org>
In-Reply-To: <CAPj0R5%2B9%2BgNR1n8pL6qopGJcMZipZn=b=aR=sP_yY7VFo0q=ew@mail.gmail.com>
References: <CAPj0R5%2B9%2BgNR1n8pL6qopGJcMZipZn=b=aR=sP_yY7VFo0q=ew@mail.gmail.com>

On 29/03/2012 15:45, Kaya Saman wrote:

> I've recently built the jabberd port and upgraded to the latest version: 2.x

Actually jabberd2 (net-im/jabberd) is a completely different
project to jabberd14 (net-im/jabber) -- it's not "upgrading" so much as
switching to a different piece of software.

In any case, jabberd2 is the correct choice: it is being actively
developed and is keeping abreast of the various XMPP extensions that are
being published.

> I'm having major problems in configuring it though and was wondering
> if someone could either give me a hand or help me generate
> certificates for it which are mentioned in the config file but not
> within the /usr/local/etc/jabberd directory.
>
>
> I'm experiencing this issue:
>
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032] connect
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] got pre STARTTLS packet, dropping
> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032]
> disconnect jid=unbound, packets: 1

Your client is attempting to switch its connection to using TLS. This
is good, especially if you are using a SASL method of LOGIN or PASSWORD
-- otherwise it would send passwords across the net in plain text.

> This is my realm information:
>
>
> <id realm='jabber.com'
> pemfile='/usr/local/etc/jabberd/server.pem'
> verify-mode='0'
> cachain='/usr/local/etc/jabberd/client_ca_certs.pem'
> require-starttls='false'
> register-enable='true'
> instructions='Enter a username and password to register with
> this server.'
> register-oob='http://srv.jabber.com/register'
> password-change='true'
> >jabber.com</id>
> <!-- or the default host
> <id password-change='mu' /> -->
>
>
> jabber.com may publicly exist however, this is a trial done in Vbox
> and totally offline just so I can understand the necessary mechanisms
> involved as to learn how the jabberd server functions!

You've got both 'register-enable' and 'register-oob' -- you probably
don't want both of those, unless you do have an out-of-band method to
create user accounts.

Presumably you have created the required server x509 certificate. If
you're doing it on the cheap, that means a self-signed certificate. In
which case there simply won't be a chain of CA certs to worry about.

I'd also recommend require-starttls='true'

Of course, there's a lot more to setting up jabberd than just this
little section of one of the config files.

> I'm using Pidgin as the IM client who is configured like:
>
> Username: user
> Domain: jabber.com
> Password: <secret>
> Local Alias: user_alias
> Use encrypted connections if available <<<---***
> Allow plaintext auth over unencrypted streams <<<---***
> Connect server: srv.jabber.com

Those two marked items are not a good idea. If you're using login to
authenticate the SASL libraries expect you to use TLS to secure the
transaction, and the way of least resistance is to do so.

> On the client I keep getting: "Policy Violation" error.
>
>
> It's really weird but there seems to be a lack of documentation as I
> managed to find the stuff for jabberd version 1.4, for version 2.x
> I've followed some URLs:
>
> http://www.jms1.net/jabberd2/
>
> http://www.indiangnu.org/2009/how-to-configure-jabber-jabberd2-with-mysqlpam-as-auth-database/
>
> http://bionicraptor.co/2011/07/25/how-to-encrypt-jabberd2-communications/
>
> http://bionicraptor.co/2011/05/20/how-to-install-and-configure-japperd2-with-mysql/
>
>
> But still nothing is working, I believe it's to do with the security
> as in using encrypted or unencrypted connections but I can't be
> certain... there doesn't seem to be any mysql DB creation script
> either that I could find??

Look in /usr/local/share/doc/jabberd

I originally implemented jabberd2 using a MySQL database, but have
switched to PostgreSQL. Which RDBMS you use won't make a whole lot of
difference unless your traffic levels grow to pretty enormous levels.
In fact, for a lightly used system, sqlite would be a reasonable choice.

> Is there a fix or am I stuck??

Well, I have jabberd2 up and running quite happily. I don't remember
setting it up as being particularly traumatic. I just read the docco,
followed the install guide here:

https://github.com/Jabberd2/jabberd2/wiki/InstallGuide

(which is linked to from the jabberd2 home page at
http://jabberd2.xiaoka.com/) and the comments in the sample .xml files
and it all worked fine after the usual sort of testing and debugging.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
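
The self-signed certificate mentioned in the reply above, as an added example that is not part of the original message or of the jabberd2 project: a shell sketch that builds the file named by pemfile for a given realm and checks that the key and certificate in it belong together. It assumes the openssl command-line tool (1.1.1 or later for -addext) and that jabberd2 reads the certificate and its unencrypted private key from that one file; the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: jabberd2 loads the
# certificate and its unencrypted private key from the one pemfile.

# make_jabberd_pem <realm> <output-file>
make_jabberd_pem() {
    realm=$1
    out=$2
    tmp=$(mktemp -d) || return 1
    # Self-signed, so there is no CA chain. CN and subjectAltName carry the
    # realm from the <id> element, which is the name clients verify.
    if ! openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=${realm}" -addext "subjectAltName=DNS:${realm}" \
            -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null; then
        rm -rf "$tmp"
        return 1
    fi
    # Write the bundle under a tight umask: it contains the private key.
    if ! ( umask 077 && cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" ); then
        rm -rf "$tmp"
        return 1
    fi
    chmod 600 "$out"
    rm -rf "$tmp"
}

# pem_subject <pem-file>: print the subject of the certificate in the bundle.
pem_subject() {
    openssl x509 -in "$1" -noout -subject
}

# pem_key_matches <pem-file>: succeed only if the bundled RSA key belongs to
# the bundled certificate (same modulus).
pem_key_matches() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus) || return 1
    key_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Run as: sh make_pem.sh jabber.com /usr/local/etc/jabberd/server.pem
if [ "$#" -eq 2 ]; then
    make_jabberd_pem "$1" "$2" && pem_subject "$2" && pem_key_matches "$2"
fi
```

The resulting file must be readable by the account jabberd runs as and by no one else, since it holds the private key.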