25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00
Go to file
Holger Weiss 86e17c379c Verify host name before offering SASL EXTERNAL
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:

1. Verify the certificate without checking the host name.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
   identity against the certificate host name(s).  On failure, abort the
   connection unconditionally.

ejabberd now does this instead:

1. Verify the certificate and compare the certificate host name(s)
   against the 'from' attribute of the stream header.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
   identity (if any) and consider the peer authenticated.

The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
asn1 Do not generate LDAP's ASN.1 code when compiling ejabberd. 2013-06-22 03:27:59 +10:00
contrib/extract_translations Provide header with latin-1 encoding in translations to work with Erlang/OTP R17 2014-03-12 17:26:27 +01:00
doc Merge pull request #171 from weiss/update-doc-url 2014-04-16 10:03:07 +02:00
examples Update example extauth script with tryregister, removeuser and removeuser3 (EJAB-641) 2010-12-03 17:26:10 +01:00
include Merge pull request #146 from jamielinux/master 2014-04-11 13:35:46 +02:00
m4 Fix version check 2013-07-24 14:47:32 +02:00
priv/msgs Update Hebrew translation (thanks to Isratine Citizen) 2014-04-07 16:26:50 +02:00
rel Change configuration file format to YAML 2013-08-21 22:17:59 +10:00
sql Merge pull request #146 from jamielinux/master 2014-04-11 13:35:46 +02:00
src Verify host name before offering SASL EXTERNAL 2014-04-23 11:45:17 +02:00
test Do not use functions from crypto module wherever possible 2013-11-05 20:07:38 +10:00
tools Merge pull request #146 from jamielinux/master 2014-04-11 13:35:46 +02:00
win32 Switch to rebar build tool 2013-06-13 11:11:02 +02:00
.gitignore Let Git ignore the "ebin" directory 2014-04-06 00:56:36 +02:00
autogen.sh Force regeneration of configure script 2014-04-18 12:13:17 +02:00
configure Re-create the configure script 2013-06-27 19:46:38 +10:00
configure.ac Fix release version number. 2013-08-30 09:12:33 +02:00
configure.bat Switch to rebar build tool 2013-06-13 11:11:02 +02:00
COPYING Update FSF address 2014-02-22 10:27:40 +00:00
ejabberd.init.template Switch to rebar build tool 2013-06-13 11:11:02 +02:00
ejabberd.yml.example Merge pull request #162 from weiss/enable-carbons 2014-04-22 13:53:23 +02:00
ejabberdctl.cfg.example improve ejabberdctl, and support different node names (thanks to Zach Calvert)(EJAB-1611) 2013-06-18 15:56:28 +02:00
ejabberdctl.template Change configuration file format to YAML 2013-08-21 22:17:59 +10:00
inetrc Switch to rebar build tool 2013-06-13 11:11:02 +02:00
install-sh Switch to rebar build tool 2013-06-13 11:11:02 +02:00
Makefile.in Fix ejabberdctl config name 2013-08-24 22:10:10 +10:00
Makefile.win32 Switch to rebar build tool 2013-06-13 11:11:02 +02:00
README Change configuration file format to YAML 2013-08-21 22:17:59 +10:00
rebar Update the rebar script 2013-07-01 02:22:18 +10:00
rebar.config.script Fix --{enable,disable}-transient_supervisors flag 2014-02-21 23:34:48 +01:00
vars.config.in Switch to rebar build tool 2013-06-13 11:11:02 +02:00

ejabberd - High-Performance Enterprise Instant Messaging Server 

Quickstart guide


0. Requirements

To compile ejabberd you need:
 - GNU Make
 - GCC
 - Libexpat 1.95 or higher
 - Libyaml 1.4 or higher
 - Erlang/OTP R15B or higher.
 - OpenSSL 0.9.8 or higher, for STARTTLS, SASL and SSL encryption.
 - Zlib 1.2.3 or higher, for Stream Compression support
   (XEP-0138). Optional.
 - PAM library. Optional. For Pluggable Authentication Modules (PAM).
 - GNU Iconv 1.8 or higher, for the IRC Transport
   (mod_irc). Optional. Not needed on systems with GNU Libc.
 - ImageMagick's Convert program. Optional. For CAPTCHA challenges.
 - exmpp 0.9.6 or higher. Optional. For import/export XEP-0227 files. 


1. Compile and install on *nix systems

To compile ejabberd execute the commands:
  ./configure
  make

To install ejabberd, run this command with system administrator rights
(root user):

  sudo make install

These commands will:
 - Install the configuration files in /etc/ejabberd/
 - Install ejabberd binary, header and runtime files in /lib/ejabberd/
 - Install the administration script: /sbin/ejabberdctl
 - Install ejabberd documentation in /share/doc/ejabberd/
 - Create a spool directory: /var/lib/ejabberd/
 - Create a directory for log files: /var/log/ejabberd/


2. Start ejabberd

You can use the ejabberdctl command line administration script to
start and stop ejabberd. For example:
  ejabberdctl start


For detailed information please refer to the
ejabberd Installation and Operation Guide