ejabberd - Comments for "External Authentication with SSL Client Certificate authentication"
https://www.ejabberd.im/node/4012
en

Not implemented
https://www.ejabberd.im/node/4012#comment-55632
<div class="quote-msg"> <div class="quote-author"><em>evilfred</em> wrote:</div> <p>are there any features in ejabberd I can use to validate that the client is who they say they are?</p></div>
<p>Nothing like that is implemented.</p>
<p>Openfire implemented this feature two years ago using a simple verification method, but it was demonstrated to be very vulnerable: <noindex><a href="http://coccinella.im/bypassing-openfire-client-control" rel="nofollow" >A Fool's Guide to Bypass Openfire's Client Control<br /> </a></noindex></p>
Sat, 24 Apr 2010 11:18:19 +0000
mfoss
comment 55632 at https://www.ejabberd.im

a different approach
https://www.ejabberd.im/node/4012#comment-55622
<p>Maybe I could put it in a more general way: are there any features in ejabberd I can use to validate that the client is who they say they are?</p>
Wed, 21 Apr 2010 17:35:26 +0000
evilfred
comment 55622 at https://www.ejabberd.im

Ok, thanks
https://www.ejabberd.im/node/4012#comment-55621
<p>Ok, thanks</p>
Wed, 21 Apr 2010 17:32:16 +0000
evilfred
comment 55621 at https://www.ejabberd.im

evilfred wrote: The External
https://www.ejabberd.im/node/4012#comment-55611
<div class="quote-msg"> <div class="quote-author"><em>evilfred</em> wrote:</div> <p>The External Authentication Scripts page here: <a href="http://www.ejabberd.im/extauth" title="http://www.ejabberd.im/extauth">http://www.ejabberd.im/extauth</a> refers to a non-existent developer's guide page for more info (at <noindex><a href="http://svn.process-one.net/ejabberd/trunk/doc/dev.html#htoc9" title="http://svn.process-one.net/ejabberd/trunk/doc/dev.html#htoc9" rel="nofollow" >http://svn.process-one.net/ejabberd/trunk/doc/dev.html#htoc9</a></noindex>). </p></div>
<p>Ah, ejabberd was migrated from SVN to Git, and that link got old. I've updated it, check again.</p>
<div class="quote-msg"> <div class="quote-author"><em>evilfred</em> wrote:</div> <p>I would like to check the certificate supplied by the client during authentication to see if some value in it matches the expected value. Is this something I could do using an External Authentication script? I'm thinking no because the example scripts only take in username and password values. </p></div>
<p>As you suspected, ejabberd's extauth is not capable of, or intended for, that thing. You will see clearly now when you check its documentation.</p>
<div class="quote-msg"> <div class="quote-author"><em>evilfred</em> wrote:</div> <p> I have checked the dev doc pages here: <noindex><a href="http://www.process-one.net/docs/ejabberd/devdoc/trunk/" title="http://www.process-one.net/docs/ejabberd/devdoc/trunk/" rel="nofollow" >http://www.process-one.net/docs/ejabberd/devdoc/trunk/</a></noindex> and they are generated docs which seem next to useless in terms of actual documentation. </p></div>
<p>Right, those are still almost empty of user-written information.</p>
<div class="quote-msg"> <div class="quote-author"><em>evilfred</em> wrote:</div> <p>There is actually an XEP around this: XEP-0178 (Client Certificates for SASL EXTERNAL). Is this something that ejabberd might support natively in the future? </p></div>
<p>If somebody implements it, then yes :P</p>
<p>I didn't find any patch, not even a feature request for that XEP. So either you implement it, or get somebody onboard to implement it, or wait patiently to see if somebody does.</p>
Tue, 20 Apr 2010 19:02:14 +0000
mfoss
comment 55611 at https://www.ejabberd.im