From: Kaya Saman
To: Matthew Seaman
Cc: freebsd-ports@freebsd.org
Date: Fri, 30 Mar 2012 08:57:53 +0100
Subject: Re: jabberd port doesn't come with any certificates and is not allowing authorization?

On Thu, Mar 29, 2012 at 4:30 PM, Matthew Seaman wrote:
> On 29/03/2012 15:45, Kaya Saman wrote:
>> I've recently built the jabberd port and upgraded to the latest version: 2.x
>
> Actually jabberd2 (net-im/jabberd) is a completely different
> project to jabberd14 (net-im/jabber) -- it's not "upgrading" so much as
> switching to a different piece of software.
>
> In any case, jabberd2 is the correct choice: it is being actively
> developed and is keeping abreast of the various XMPP extensions that are
> being published.

Ok so I'm on the right track then :-)

>
>> I'm having major problems in configuring it though and was wondering
>> if someone could either give me a hand or help me generate
>> certificates for it which are mentioned in the config file but not
>> within the /usr/local/etc/jabberd directory.
>>
>>
>> I'm experiencing this issue:
>>
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032] connect
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] got pre STARTTLS packet, dropping
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032] disconnect jid=unbound, packets: 1
>
> Your client is attempting to switch its connection to using TLS.  This
> is good, especially if you are using a SASL method of LOGIN or PASSWORD
> -- otherwise it would send passwords across the net in plain text.

Hmm... so I guess pidgin doesn't do non-encrypted connections then?

I totally agree with using encryption however, I just want to learn
how to set up jabberd first in its most basic state before getting more
advanced.

>
>> This is my realm information:
>>
>>
>>
>>         pemfile='/usr/local/etc/jabberd/server.pem'
>>         verify-mode='0'
>>         cachain='/usr/local/etc/jabberd/client_ca_certs.pem'
>>         require-starttls='false'
>>         register-enable='true'
>>         instructions='Enter a username and password to register with
>> this server.'
>>         register-oob='http://srv.jabber.com/register'
>>         password-change='true'
>>     >jabber.com
>>
>>
>>
>> jabber.com may publicly exist however, this is a trial done in Vbox
>> and totally offline just so I can understand the necessary mechanisms
>> involved as to learn how the jabberd server functions!
>
> You've got both 'register-enable' and 'register-oob' -- you probably
> don't want both of those, unless you do have an out-of-band method to
> create user accounts.

Actually to allow IM clients to register will be better, though later
on when I do a full implementation I will need to authenticate to
either PAM or AD.

>
> Presumably you have created the required server x509 certificate.  If
> you're doing it on the cheap, that means a self-signed certificate.  In
> which case there simply won't be a chain of CA certs to worry about.  I'd
> also recommend require-starttls='true'

I don't have an x509 cert, I discovered this though:

http://www.stanbarber.com/freebsd/creating-self-signed-ssl-certificates-on-freebsd-with-openssl

Is that what you mean or is the x509 different from the SSL self signed cert?

>
> Of course, there's a lot more to setting up jabberd than just this
> little section of one of the config files.

Means a lot more to learn....

>
>> I'm using Pidgin as the IM client which is configured like:
>>
>> Username: user
>> Domain: jabber.com
>> Password:
>> Local Alias: user_alias
>> Use encrypted connections if available         <<<---***
>> Allow plaintext auth over unencrypted streams  <<<---***
>> Connect server: srv.jabber.com
>
> Those two marked items are not a good idea.  If you're using login to
> authenticate the SASL libraries expect you to use TLS to secure the
> transaction, and the way of least resistance is to do so.

Once cert has been created I will adjust accordingly!

>
>> On the client I keep getting: "Policy Violation" error.
>>
>>
>> It's really weird but there seems to be a lack of documentation as I
>> managed to find the stuff for jabberd version 1.4, for version 2.x
>> I've followed some URLs:
>>
>> http://www.jms1.net/jabberd2/
>>
>> http://www.indiangnu.org/2009/how-to-configure-jabber-jabberd2-with-mysqlpam-as-auth-database/
>>
>> http://bionicraptor.co/2011/07/25/how-to-encrypt-jabberd2-communications/
>>
>> http://bionicraptor.co/2011/05/20/how-to-install-and-configure-japperd2-with-mysql/
>>
>>
>> But still nothing is working, I believe it's to do with the security
>> as in using encrypted or unencrypted connections but I can't be
>> certain... there doesn't seem to be any mysql DB creation script
>> either that I could find??
>
> Look in /usr/local/share/doc/jabberd
>
> I originally implemented jabberd2 using a MySQL database, but have
> switched to PostgreSQL.  Which RDBMS you use won't make a whole lot of
> difference unless your traffic levels grow to pretty enormous levels.
> In fact, for a lightly used system, sqlite would be a reasonable choice.
>
>> Is there a fix or am I stuck??
>
> Well, I have jabberd2 up and running quite happily.  I don't remember
> setting it up as being particularly traumatic.
> I just read the docco,
> followed the install guide here:
> https://github.com/Jabberd2/jabberd2/wiki/InstallGuide  (which is linked
> to from the jabberd2 home page at http://jabberd2.xiaoka.com/) and the
> comments in the sample .xml files and it all worked fine after the usual
> sort of testing and debugging.

Ok will check it out....... and hopefully understand more on jabberd
rather than going blind :-)

>
>         Cheers,
>
>         Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey
>
>

Regards,

Kaya
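
The self-signed server certificate discussed in this message, as an added example that is not part of the original thread or of the jabberd2 project: an "SSL self-signed cert" made with openssl is an X.509 certificate, and the functions below create one and write certificate plus key into a single PEM file such as the pemfile path quoted above. Assumptions: the openssl command-line tool is installed, jabberd2 reads both certificate and private key from that one file, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed and
# that jabberd2 reads certificate and private key from the one pemfile.
# Function names are hypothetical.

# make_server_pem HOST OUTFILE [DAYS]
# HOST should be the name clients use for the server (the realm, e.g. jabber.com).
make_server_pem() (
    host=$1 out=$2 days=${3:-365}
    umask 077                         # nothing written here is group/world readable
    tmp=$(mktemp -d) || exit 1
    # -x509 makes "req" emit a self-signed certificate instead of a signing
    # request; -nodes leaves the key unencrypted so the daemon starts unattended.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null \
        || { rm -rf "$tmp"; exit 1; }
    cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" && chmod 600 "$out"
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

# True when subject and issuer are the same name, i.e. no CA chain is involved.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$s" = "$i" ]
}

# True when the private key in the file belongs to the certificate in the file.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Example run (path as in the config quoted above; run as root, then give the
# file to the account jabberd runs under):
#   make_server_pem jabber.com /usr/local/etc/jabberd/server.pem
#   is_self_signed /usr/local/etc/jabberd/server.pem
#   key_matches_cert /usr/local/etc/jabberd/server.pem
```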