jabberd port doesn't come with any certificates and is not
allowing authorization?
Kaya Saman
kayasaman at gmail.com
Fri Mar 30 07:57:55 UTC 2012
On Thu, Mar 29, 2012 at 4:30 PM, Matthew Seaman <matthew at freebsd.org> wrote:
> On 29/03/2012 15:45, Kaya Saman wrote:
>> I've recently built the jabberd port and upgraded to the latest version: 2.x
>
> Actually jabberd2 (net-im/jabberd) is a completely different different
> project to jabberd14 (net-im/jabber) -- it's not "upgrading" so much as
> switching to a different piece of software.
>
> In any case, jabberd2 is the correct choice: it is being actively
> developed and is keeping abreast of the various XMPP extensions that are
> being published.
Ok so I'm on the right track then :-)
>
>> I'm having major problems in configuring it though and was wondering
>> if someone could either give me a hand or help me generate
>> certificates for it which are mentioned in the config file but not
>> within the /usr/local/etc/jabberd directory.
>>
>>
>> I'm experiencing this issue:
>>
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032] connect
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] got pre STARTTLS packet, dropping
>> Mar 29 16:33:48 JABBER jabberd/c2s[1498]: [8] [10.0.0.10, port=59032]
>> disconnect jid=unbound, packets: 1
>
> Your client is attempting to switch its connection to using TLS. This
> is good, especially if you are using a SASL method of LOGIN or PASSWORD
> -- otherwise it would send passwords across the net in plain test.
Hmm... so I guess pidgin doesn't do non-encrypted connections then?
I totally agree with using encryption however, I just want to learn
how to setup jabberd first in its most basic state before getting more
advanced.
>
>> This is my realm information:
>>
>>
>> <id realm='jabber.com'
>> pemfile='/usr/local/etc/jabberd/server.pem'
>> verify-mode='0'
>> cachain='/usr/local/etc/jabberd/client_ca_certs.pem'
>> require-starttls='false'
>> register-enable='true'
>> instructions='Enter a username and password to register with
>> this server.'
>> register-oob='http://srv.jabber.com/register'
>> password-change='true'
>> >jabber.com</id>
>> <!-- or the default host
>> <id password-change='mu' /> -->
>>
>>
>> jabber.com may publicly exist however, this is a trial done in Vbox
>> and totally offline just so I can understand the necessary mechanisms
>> involved as to learn how the jabberd server functions!
>
> You've got both 'register-enable' and 'register-oob' -- you probably
> don't want both of those, unless you do have an out-of-band method to
> create user accounts.
Actually to allow IM clients to register will be better, though later
on when I do a full implementation I will need to authenticate to
either PAM or AD.
>
> Presumably you have created the required server x509 certificate. If
> you're doing it on the cheap, that means a self-signed certificate. In
> which case there simply won't be a cain of CA certs to worry about. I'd
> also recommend require-starttls='true'
I don't have an x509 cert, I discovered this though:
http://www.stanbarber.com/freebsd/creating-self-signed-ssl-certificates-on-freebsd-with-openssl
Is that what you mean or is the x509 different from the SSL self signed cert?
>
> Of course, there's a lot more to setting up jabberd than just this
> little section of one of the config files.
Means a lot more to learn....
>
>> I'm using Pidgin as the IM client who is configured like:
>>
>> Username: user
>> Domain: jabber.com
>> Password: <secret>
>> Local Alias: user_alias
>> Use encrypted connections if available <<<---***
>> Allow plaintext auth over unencrypted streams <<<---***
>> Connect server: srv.jabber.com
>
> Those two marked items are not a good idea. If you're using login to
> authenticate the SASL libraries expect you to use TLS to secure the
> transaction, and the way of least resistance is to do so.
Once cert has been created I will adjust accordingly!
>
>> On the client I keep getting: "Policy Violation" error.
>>
>>
>> It's really weird but there seems to be a lack of documentation as I
>> managed to find the stuff for jabberd version 1.4, for version 2.x
>> I've followed some URL's:
>>
>> http://www.jms1.net/jabberd2/
>>
>> http://www.indiangnu.org/2009/how-to-configure-jabber-jabberd2-with-mysqlpam-as-auth-database/
>>
>> http://bionicraptor.co/2011/07/25/how-to-encrypt-jabberd2-communications/
>>
>> http://bionicraptor.co/2011/05/20/how-to-install-and-configure-japperd2-with-mysql/
>>
>>
>> But still nothing is working, I believe it's to do with the security
>> as in using encrypted or unencrypted connections but I can't be
>> certain... there doesn't seem to be any mysql DB creation script
>> either that I could find??
>
> Look in /usr/local/share/doc/jabberd
>
> I originally implemented jabberd2 using a MySQL database, but have
> switched to PostgreSQL. Which RDBMs you use won't make a whole lot of
> difference unless your traffic levels grow to pretty enormous levels.
> In fact, for a lightly used system, sqlite would be a reasonable choice.
>
>> Is there a fix or am I stuck??
>
> Well, I have jabberd2 up and running quite happily. I don't remember
> setting it up as being particularly traumatic. I just read the docco,
> followed the install guide here:
> https://github.com/Jabberd2/jabberd2/wiki/InstallGuide (which is linked
> to from the jabberd2 home page at http://jabberd2.xiaoka.com/) and the
> comments in the sample .xml files and it all worked fine after the usual
> sort of testing and debugging.
Ok will check it out....... and hopefully understand more on jabberd
rather then going blind :-)
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey
>
>
Regards,
Kaya
More information about the freebsd-ports
mailing list