From: Kaya Saman
To: Matthew Seaman
Cc: freebsd-ports@freebsd.org
Date: Fri, 30 Mar 2012 13:06:15 +0100
Subject: Re: jabberd port doesn't come with any certificates and is not allowing authorization?

On Fri, Mar 30, 2012 at 10:47 AM, Matthew Seaman wrote:
> On 30/03/2012 08:57, Kaya Saman wrote:
>>> You've got both 'register-enable' and 'register-oob' -- you probably
>>> don't want both of those, unless you do have an out-of-band method to
>>> create user accounts.
>
>> Actually to allow IM clients to register will be better, though later
>> on when I do a full implementation I will need to authenticate to
>> either PAM or AD.
>
> The point was that 'register-enable' turns on jabberd's internal account
> creation functions, whereas 'register-oob' says to go to a separate site
> in order to create the account.
>
> If you're using a user database from elsewhere (pam or AD for instance),
> then you'd want neither of those options.

That is for the future though, let me just get the base working in
order to understand what I'm doing then I'll look at further options
for authentication later. :-)

>
>  cat foo.key foo.crt > foo.pem
>
>     This is an application specific thing: some apps like key and cert
>     together like this, others use separate files for key and cert.

I've got this done and referenced it within the c2s.xml file:

[...] jabber.com [...]

Is now this portion of the c2s.xml file however, I still get:

[...]
Mar 30 13:55:28 JABBER jabberd/sm[4580]: attempting connection to router at 127.0.0.1, port=5347
Mar 30 13:55:28 JABBER jabberd/router[4579]: [127.0.0.1, port=23777] connect
Mar 30 13:55:28 JABBER jabberd/router[4579]: [127.0.0.1, port=19978] connect
Mar 30 13:55:28 JABBER jabberd/s2s[4581]: connection to router established
Mar 30 13:55:28 JABBER jabberd/router[4579]: [127.0.0.1, port=54420] authenticated as jabberd@jabberd-router
Mar 30 13:55:28 JABBER jabberd/router[4579]: [s2s] set as default route
Mar 30 13:55:28 JABBER jabberd/router[4579]: [s2s] online (bound to 127.0.0.1, port 54420)
Mar 30 13:55:28 JABBER jabberd/c2s[4582]: connection to router established
Mar 30 13:55:28 JABBER jabberd/router[4579]: [127.0.0.1, port=23777] authenticated as jabberd@jabberd-router
Mar 30 13:55:28 JABBER jabberd/router[4579]: [c2s] online (bound to 127.0.0.1, port 23777)
Mar 30 13:55:28 JABBER jabberd/sm[4580]: connection to router established
Mar 30 13:55:28 JABBER jabberd/router[4579]: [127.0.0.1, port=19978] authenticated as jabberd@jabberd-router
Mar 30 13:55:28 JABBER jabberd/router[4579]: [sm] online (bound to 127.0.0.1, port 19978)
Mar 30 13:55:28 JABBER jabberd/sm[4580]: sm ready for sessions
Mar 30 13:55:28 JABBER jabberd/router[4579]: [jabber.com] online (bound to 127.0.0.1, port 19978)
Mar 30 13:55:28 JABBER jabberd/s2s[4581]: [0.0.0.0, port=5269] listening for connections
Mar 30 13:55:28 JABBER jabberd/s2s[4581]: ready for connections
Mar 30 13:55:28 JABBER jabberd/c2s[4582]: [0.0.0.0, port=5222] listening for connections
Mar 30 13:55:28 JABBER jabberd/c2s[4582]: ready for connections
Mar 30 13:55:42 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60660] connect
Mar 30 13:55:42 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60660] disconnect jid=unbound, packets: 0
Mar 30 13:55:45 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60661] connect
Mar 30 13:55:45 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60661] disconnect jid=unbound, packets: 0

The IM client's (Pidgin) settings are:

Require Encryption
Connection Port: 5222
Connection Server: srv.jabber.com
Domain: jabber.com
username:
password:
local alias:

The Bind9 DNS zone looks like this:

$TTL 1h ; default expiration time of all resource records without their own TTL value
@ IN SOA ns1.jabber.com. info.jabber.com. (
        2012032802 ; serial number of this zone file
        1d         ; slave refresh (1 day)
        2h         ; slave retry time in case of a problem (2 hours)
        4w         ; slave expiration time (4 weeks)
        1h         ; maximum caching time in case of failed lookups (1 hour)
        )
;
@ IN NS ns1.jabber.com.
ns1 IN A 10.0.0.1
srv.jabber.com. IN A 10.0.0.7
jabber.com. IN A 10.0.0.7
_xmpp-server._tcp.jabber.com. IN SRV 0 0 5269 srv.jabber.com.
_xmpp-client._tcp.jabber.com. IN SRV 0 0 5222 srv.jabber.com.
_jabber._tcp.jabber.com. IN SRV 0 0 5269 srv.jabber.com.

I'm guessing everything is set up properly but I don't get why the
system isn't connecting?

The jabberd service starts meaning that it's connecting to the MySQL
DB..... and looking at the config files everything else seems to be
ok!

Regards,

Kaya

>
>        Cheers,
>
>        Matthew
>
> [*] Which just begs the question of "who is this CA and why should I
> trust them to vouch for anyone else?"  Well, there's a hierarchy of
> certification authorities.  The CA can itself issue a certificate for
> its certificate-signing key that is itself signed by some higher CA
> saying that they are fit and proper people to take that role.  And so
> on, ad nauseam.  Eventually you get to the top level, so called 'root'
> CAs, which are presumed to be so well known by everyone that you can
> just trust them without further quibble.  (Yeah, right.)
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey
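
Added example, not part of the thread: a Python check for a combined key-plus-certificate file of the kind `cat foo.key foo.crt > foo.pem` produces. It uses Python's own `ssl` loader as a stand-in for the server (an assumption, jabberd itself is not involved), and the function name and report keys are hypothetical.

```python
import os
import re
import ssl
import stat

# One PEM block: BEGIN <label> ... END <same label>
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def inspect_bundle(path):
    """Report what a combined key+cert PEM file contains and who can access it."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    certs = [label for label in labels if label == "CERTIFICATE"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {
        "labels": labels,                      # block order as found in the file
        "has_key": len(keys) == 1,
        "has_cert": len(certs) >= 1,
        "encrypted_key": any(k.startswith("ENCRYPTED") for k in keys)
        or "Proc-Type: 4,ENCRYPTED" in text,   # traditional encrypted key header
        "group_or_world_access": bool(mode & 0o077),  # private key exposed beyond owner
        "key_matches_cert": None,              # None = not checked
    }
    if report["has_key"] and report["has_cert"] and not report["encrypted_key"]:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # Loads cert and key from the same file and checks they belong together.
            ctx.load_cert_chain(path)
            report["key_matches_cert"] = True
        except OSError:  # ssl.SSLError is an OSError subclass
            report["key_matches_cert"] = False
    return report


if __name__ == "__main__":
    import sys
    # Usage: python check_pem.py foo.pem   (script name is hypothetical)
    for field, value in inspect_bundle(sys.argv[1]).items():
        print(f"{field}: {value}")
```

A bundle that reports `group_or_world_access: True` holds a private key other local accounts can reach; restrict it to the account the daemon runs as.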
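
Added example, not part of the thread: a Python pass over c2s syslog lines in the format quoted above that lists client connections closed with `jid=unbound` and `packets: 0`. The sample log is constructed from the quoted c2s lines plus one invented session that did bind a JID, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: first five lines follow the log quoted in the message,
# the last two are an invented session that bound a JID, for contrast.
SAMPLE_LOG = """\
Mar 30 13:55:28 JABBER jabberd/c2s[4582]: [0.0.0.0, port=5222] listening for connections
Mar 30 13:55:42 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60660] connect
Mar 30 13:55:42 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60660] disconnect jid=unbound, packets: 0
Mar 30 13:55:45 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60661] connect
Mar 30 13:55:45 JABBER jabberd/c2s[4582]: [8] [10.0.0.10, port=60661] disconnect jid=unbound, packets: 0
Mar 30 13:56:02 JABBER jabberd/c2s[4582]: [9] [10.0.0.11, port=51000] connect
Mar 30 13:56:09 JABBER jabberd/c2s[4582]: [9] [10.0.0.11, port=51000] disconnect jid=alice@jabber.com/home, packets: 14
"""

# Matches only per-client c2s events: "[fd] [ip, port=N] connect|disconnect ..."
EVENT = re.compile(
    r"jabberd/c2s\[\d+\]: \[(?P<fd>\d+)\] \[(?P<ip>[^,\]]+), port=(?P<port>\d+)\] "
    r"(?P<event>connect|disconnect)"
    r"(?: jid=(?P<jid>[^,]+), packets: (?P<packets>\d+))?\s*$"
)


def empty_sessions(log_text):
    """Return (ip, port) for each connection closed with no JID bound and 0 packets."""
    open_conns = set()
    flagged = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # router/sm/s2s lines and listener lines are ignored
        key = (m["ip"], int(m["port"]))
        if m["event"] == "connect":
            open_conns.add(key)
        elif key in open_conns:
            open_conns.discard(key)
            if m["jid"] == "unbound" and m["packets"] == "0":
                flagged.append(key)
    return flagged


def summarize(log_text):
    """Count flagged sessions per client address."""
    return Counter(ip for ip, _port in empty_sessions(log_text))


if __name__ == "__main__":
    for ip, count in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {count} session(s) closed with jid=unbound, packets: 0")
```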