4.6. Provision and Configure for PAM

PAM (Pluggable Authentication Modules for Linux) provides built-in authentication support for Jabberd 2.

4.6.1. Provision for PAM

Complete this section if you are using PAM for authentication. Authentication via PAM requires a valid PAM configuration file named jabberd. For many systems, this configuration file should be located under /etc/pam.d. Creating a Jabberd PAM configuration file is beyond the scope of this guide; however, a shortcut may be used to create this configuration file. Copy the system-auth configuration file to jabberd (as root):

      cp /etc/pam.d/system-auth /etc/pam.d/jabberd

This will create a PAM configuration file that can be used by Jabberd2.

Important: PAM Authentication Requires PAM Database Access

Jabberd authentication via PAM requires that Jabberd2 has access to the PAM database. For many systems, this database is the /etc/shadow file. Thus, Jabberd2 must be run as root, or the jabberd user must be granted read permissions for this file. Running the Jabberd2 server as root is not recommended.

Note: Winbind Can Be Used to Integrate NT Authentication with PAM

The Winbind package from the Samba project can be used to support Jabber authentication via Windows NT. With Winbind successfully installed and configured, configure Jabberd to use PAM for authentication. Then create the jabberd PAM configuration file as below:

      auth       required     pam_winbind.so
      password   required     pam_winbind.so
      account    required     pam_winbind.so
      session    required     pam_winbind.so      

PAM is now ready to be used with Jabberd 2. Continue on to begin configuring Jabberd 2 to authenticate against PAM.

4.6.2. Configure for Authentication using PAM (c2s.xml)

Complete this section if you are using PAM for authentication. Jabberd requires little configuration to use PAM.

In c2s.xml under the section labeled Authentication/registration database configuration, edit the module to use pam:

      <!-- Authentication/registration database configuration -->
      <authreg>
        <!-- Backend module to use -->
        <module>pam</module>         

Users cannot create their own accounts when using PAM for authentication. Therefore, public account registration should be disabled, while auto-create should be enabled so that the session manager can create accounts the first time users log on.

In c2s.xml, look for the Registration configuration subsection under the Authentication/registration database configuration section. Commenting out the enable tag as below will disable public registration:

      <!-- Registration configuration -->
      <register>
        <!-- Account registration is enabled by default (provided the
             auth/reg module in use supports it). Comment this out to
             disable. -->
        <!-- <enable/> -->

In sm.xml under the section labeled User options (near the bottom of the file), uncomment the auto-create tag as below so that the session manager will create a new Jabberd2 account the first time a user logs on:

      <!-- User options -->
      <user>
        <!-- By default, users must explicitly created before they can start
             a session. The creation process is usually triggered by a c2s
             component in response to a client registering a new user.

             Enableing this option will make it so that a user create will be
             triggered the first time a non-existant user attempts to start
             a session. This is useful if you already have users in an
             external authentication database (eg LDAP) and you don't want
             them to have to register. -->
        <auto-create/>

Your Jabberd 2 configuration for storage and authentication is now complete (provided that you have provisioned and configured for a storage package). Jump to Test Server to begin testing your server before moving on to other configuration tasks, such as configuring SSL, in Section 5.
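
The settings from sections 4.6.1 and 4.6.2 can be checked with a short script. This is an added example, not part of the original guide or of Jabberd 2; the function names are hypothetical, the file paths are passed as arguments because their location varies by install, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Print an XML file with <!-- ... --> comments removed (comments may span lines).
strip_xml_comments() {
  awk '{
    line = $0; out = ""
    while (line != "") {
      if (incomment) {
        i = index(line, "-->")
        if (i == 0) { line = "" } else { line = substr(line, i + 3); incomment = 0 }
      } else {
        i = index(line, "<!--")
        if (i == 0) { out = out line; line = "" } else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); incomment = 1 }
      }
    }
    print out
  }' "$1"
}

# Succeed if <tag/> is active (not commented out) inside <section>...</section>.
active_in_section() {   # args: file section tag
  strip_xml_comments "$1" | sed -n "/<$2>/,/<\/$2>/p" | grep -q "<$3/>"
}

# Print the auth/reg backend module named inside <authreg> in c2s.xml.
authreg_module() {      # args: c2s.xml
  strip_xml_comments "$1" | sed -n '/<authreg>/,/<\/authreg>/p' |
    sed -n 's:.*<module>\([^<]*\)</module>.*:\1:p' | head -n 1
}

# Print one line per deviation from the guide; return nonzero if any was found.
audit_pam_setup() {     # args: c2s.xml sm.xml pam-service-file
  rc=0
  [ -f "$3" ] || { echo "missing PAM service file: $3"; rc=1; }
  [ "$(authreg_module "$1")" = pam ] || { echo "authreg module is not pam"; rc=1; }
  active_in_section "$1" register enable && { echo "public registration is still enabled"; rc=1; }
  active_in_section "$2" user auto-create || { echo "auto-create is not enabled in sm.xml"; rc=1; }
  return $rc
}

# Constructed sample files following the guide (not a real server's configuration).
make_sample() {         # args: directory
  printf '%s\n' '<c2s><authreg>' '<!-- Backend module to use -->' '<module>pam</module>' \
    '<register>' '<!-- Comment this out to' 'disable. -->' '<!-- <enable/> -->' \
    '</register></authreg></c2s>' > "$1/c2s.xml"
  printf '%s\n' '<sm><user>' '<auto-create/>' '</user></sm>' > "$1/sm.xml"
  : > "$1/jabberd"
}

d=$(mktemp -d) && make_sample "$d" && audit_pam_setup "$d/c2s.xml" "$d/sm.xml" "$d/jabberd" && echo "sample passes"; rm -rf "$d"
```

On a real system, pass the installed c2s.xml and sm.xml together with /etc/pam.d/jabberd as the third argument.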

TODO: note that PAM should use SSL/TLS

© 2003 Will Kamishlian and Robert Norris

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
