Friday, January 16, 2009

djabberd knowing no secret, SASL delegation, or pass-thru

I just hate that djabberd gets to know the password of users. I'd like to delegate the SASL part to LDAP or another centralized piece of infrastructure whose job it is. That way the client could connect to jabber without giving away the keys of the house.

client <-> SASL + DIGEST_MD5(auth) <-> djabberd <-> SASL+ DIGEST_MD5(auth) <-> LDAP

djabberd effectively acting like a man in the middle.

Does such thing exists somewhere, or is it just a bad thing? Why?

Posted on Friday, January 16, 2009 at 01:20 in xmpp | | Comments (3)

|

XMPP and auth-conf in SASL DIGEST-MD5

It looks like nobody is supporting auth-conf in XMPP sasl. Well, I don't find it surprising really, since it's pretty much useless as far as I understand (STARTTLS + SASL PLAIN is much simpler), but I'm a bit disappointed, I wanted to look how it would work inside djabberd. Maybe I can get it with GSSAPI mechanism?

(note, auth-conf is just the name of the digest-md5 mode where the confidentiality layer is installed on the connection, effectively crypting the communication between the two parties once the SASL session has been negotiated).

Posted on Friday, January 16, 2009 at 00:38 in linux, perl, tech, xmpp | | Comments (2)

|

Categories

www.flickr.com

Me, elsewhere

Archives

More...