Hey there all,
Here at $dayjob we'd like to make it so that your jabber password is one fewer to remember, and instead use your Kerberos password.
However, we still want to have control of the user list be via the ejabberd web UI (as we may have users such as consultants who have a valid pam login, but not want them to use jabber).
We don't do LDAP of any sort -- most of our management is static, but only our ops group have accounts on our jabber machine.
Put another way -- this would separate "AUTHENTICATION" (are you actually ?) from "AUTHORIZATION" (is allowed to XMPP?).
Kerberos really only deals with the first of those. It has no concept of "groups".
Best,
-Gushi
gushi wrote: (as we may have
(as we may have users such as consultants who have a valid pam login, but not want them to use jabber).
Use the option Access in the ejabberd_c2s listener to prevent some usernames access to login, and grant the others. In the example config file, search for "baduser@example.org" and blocked.