Hello,
I wanted to know if there is a mechanism to enable hardware authentication with ejabberd.
I am running xmpp on an embedded hardware device and communicating with an ejabberd server. I only want to allow these devices to be able to establish a connection with the ejabberd. Is there a security mechanism within ejabberd that enables communication with only these "valid" devices?
Please let me know if there is a way to do this with ejabberd. Thank you.
Best regards,
Nadeem
ejabberd doesn't implement a
ejabberd doesn't implement a client-machine verification. Here are some alternative ideas.
The XMPP client logins to ejabberd:
1. in the standard port number 5222
2. using the standard XMPP authentication mechanism
3. providing a valid username
4. providing a valid server name
5. providing the valid password.
You can make login more complicated by:
1. move the ejabberd_c2s listener to a not standard port, like 2555
2. implement a custom auth mechanism both in ejabberd and in your clients
3. you can register a few accounts, tell the devices what account to use, and disable account registration in ejabberd
4. you can configure ejabberd to have {hosts, ["server123"]}. and then configure in the devices that server123 is associated to the IP address of the server machine.
5. implement a custom password verification system, where the passwords must be dynamically calculated both in ejabberd and the client machines, so only your devices are capable of providing a valid password.
The easier to do is 1, 3, and 4.