jabberd port doesn't come with any certificates and is not
matthew at FreeBSD.org
Thu Mar 29 15:30:39 UTC 2012
On 29/03/2012 15:45, Kaya Saman wrote:
> I've recently built the jabberd port and upgraded to the latest version: 2.x
Actually jabberd2 (net-im/jabberd) is a completely different
project to jabberd14 (net-im/jabber) -- it's not "upgrading" so much as
switching to a different piece of software.
In any case, jabberd2 is the correct choice: it is being actively
developed and is keeping abreast of the various XMPP extensions that are
> I'm having major problems in configuring it though and was wondering
> if someone could either give me a hand or help me generate
> certificates for it which are mentioned in the config file but not
> within the /usr/local/etc/jabberd directory.
> I'm experiencing this issue:
> Mar 29 16:33:48 JABBER jabberd/c2s:  [10.0.0.10, port=59032] connect
> Mar 29 16:33:48 JABBER jabberd/c2s:  got pre STARTTLS packet, dropping
> Mar 29 16:33:48 JABBER jabberd/c2s:  [10.0.0.10, port=59032]
> disconnect jid=unbound, packets: 1
Your client is attempting to switch its connection to using TLS. This
is good, especially if you are using a SASL method of LOGIN or PASSWORD
-- otherwise it would send passwords across the net in plain text.
> This is my realm information:
> <id realm='jabber.com'
> instructions='Enter a username and password to register with
> this server.'
> <!-- or the default host
> <id password-change='mu' /> -->
> jabber.com may publicly exist however, this is a trial done in Vbox
> and totally offline just so I can understand the necessary mechanisms
> involved as to learn how the jabberd server functions!
You've got both 'register-enable' and 'register-oob' -- you probably
don't want both of those, unless you do have an out-of-band method to
create user accounts.
Presumably you have created the required server x509 certificate. If
you're doing it on the cheap, that means a self-signed certificate. In
which case there simply won't be a chain of CA certs to worry about. I'd
also recommend require-starttls='true'
Of course, there's a lot more to setting up jabberd than just this
little section of one of the config files.
> I'm using Pidgin as the IM client which is configured like:
> Username: user
> Domain: jabber.com
> Password: <secret>
> Local Alias: user_alias
> Use encrypted connections if available <<<---***
> Allow plaintext auth over unencrypted streams <<<---***
> Connect server: srv.jabber.com
Those two marked items are not a good idea. If you're using login to
authenticate, the SASL libraries expect you to use TLS to secure the
transaction, and the way of least resistance is to do so.
> On the client I keep getting: "Policy Violation" error.
> It's really weird but there seems to be a lack of documentation as I
> managed to find the stuff for jabberd version 1.4, for version 2.x
> I've followed some URLs:
> But still nothing is working, I believe it's to do with the security
> as in using encrypted or unencrypted connections but I can't be
> certain... there doesn't seem to be any mysql DB creation script
> either that I could find??
Look in /usr/local/share/doc/jabberd
I originally implemented jabberd2 using a MySQL database, but have
switched to PostgreSQL. Which RDBMS you use won't make a whole lot of
difference unless your traffic levels grow to pretty enormous levels.
In fact, for a lightly used system, sqlite would be a reasonable choice.
> Is there a fix or am I stuck??
Well, I have jabberd2 up and running quite happily. I don't remember
setting it up as being particularly traumatic. I just read the docco,
followed the install guide here:
https://github.com/Jabberd2/jabberd2/wiki/InstallGuide (which is linked
to from the jabberd2 home page at http://jabberd2.xiaoka.com/) and the
comments in the sample .xml files and it all worked fine after the usual
sort of testing and debugging.
Dr Matthew J Seaman MA, D.Phil.
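
An added example, not part of the original message and not jabberd2's own tooling: one way to create the self-signed server certificate the reply refers to, and to check the result before pointing the server at it. It assumes `openssl` is installed; the realm `jabber.example`, the output file name, the RSA key size and the lifetime are constructed values.

```shell
#!/bin/sh
# Added example (not from the original message). Realm, file name, key size
# and lifetime are assumptions for an offline test server.

# make_jabberd_pem REALM OUTFILE [DAYS]
# Writes a new private key followed by a self-signed certificate to OUTFILE.
make_jabberd_pem() {
    realm=$1 out=$2 days=${3:-365}
    [ -n "$realm" ] && [ -n "$out" ] || return 2
    tmp=$(mktemp -d) || return 1
    old_umask=$(umask); umask 077      # key material is never group/world readable
    if openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=$realm" -keyout "$tmp/key.pem" -out "$tmp/cert.pem" \
            2>/dev/null &&
       cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" && chmod 600 "$out"; then
        rc=0
    else
        rc=1
    fi
    umask "$old_umask"; rm -rf "$tmp"
    return "$rc"
}

# check_jabberd_pem REALM PEMFILE
# Succeeds only if PEMFILE holds a private key and a certificate that belong
# together, the certificate's CN is REALM, and the certificate has not expired.
check_jabberd_pem() {
    realm=$1 pem=$2
    grep -q 'BEGIN .*PRIVATE KEY' "$pem" || { echo "$pem: no private key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$pem"   || { echo "$pem: no certificate" >&2; return 1; }
    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "$pem: key/certificate mismatch" >&2; return 1; }
    subject=$(openssl x509 -in "$pem" -noout -subject) || return 1
    case $subject in                     # output format differs between OpenSSL versions
        *"CN=$realm" | *"CN = $realm") ;;
        *) echo "$pem: subject is '$subject', expected CN=$realm" >&2; return 1 ;;
    esac
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "$pem: certificate has expired" >&2; return 1; }
}

# Usage: make_jabberd_pem jabber.example ./server.pem && check_jabberd_pem jabber.example ./server.pem
```

jabberd2's sample c2s.xml refers to this combined key-plus-certificate file through the `pemfile` attribute of the `<id>` element, next to `require-starttls`.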