Changeset - 8b0cbc64f6e9
Branko Majic (branko) - 10 years ago 2015-03-08 11:24:07
branko@majic.rs
MAR-3: Added legacyauth module, including support for deprecated TLS/SSL on port 5223.
2 files changed with 6 insertions and 2 deletions:
docs/rolereference.rst
 
@@ -493,15 +493,15 @@ The role implements the following:
 
* Installs Prosody.
 
* Configures Prosody.
 

	
 
Prosody is configured as follows:
 

	
 
* Modules enabled: roster, saslauth, tls, dialback, posix, private, vcard,
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce.
 
  version, uptime, time, ping, pep, register, admin_adhoc, announce, legacyauth.
 
* Self-registration is not allowed.
 
* TLS is configured.
 
* TLS is configured. Legacy TLS is available on port 5223.
 
* Client-to-server communication requires encryption (TLS).
 
* Authentication is done via LDAP. For setting the LDAP TLS truststore, see
 
  :ref:`LDAP Client <ldap_client>`.
 
* Internal storage is used.
 
* For each domain specified, a dedicated conference/multi-user chat (MUC)
 
  service is set-up, with FQDN set to ``conference.DOMAIN``.
roles/prosody/templates/prosody.cfg.lua.j2
 
@@ -29,12 +29,13 @@ modules_enabled = {
 

	
 
  -- Admin interfaces
 
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 

	
 
  -- Other specific functionality
 
    "announce"; -- Send announcement to all online users
 
    "legacyauth"; -- Allow legacy authentication and SSL
 
};
 

	
 
-- Disable account creation by default, for security
 
-- For more information see http://prosody.im/doc/creating_accounts
 
allow_registration = false;
 

	
 
@@ -42,12 +43,15 @@ allow_registration = false;
 
-- to use SSL/TLS, you may comment or remove this
 
ssl = {
 
  key = "{{ prosody_tls_key }}";
 
  certificate = "{{ prosody_tls_certificate }}";
 
}
 

	
 
-- Ports on which to have direct TLS/SSL.
 
legacy_ssl_ports = { 5223 }
 

	
 
-- Force clients to use encrypted connection.
 
c2s_require_encryption = true
 

	
 
-- Disable certificate validation for server-to-server connections.
 
s2s_secure_auth = false
 

	
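Review bot: The added `"legacyauth";` entry in the first hunk is commented as enabling "legacy authentication and SSL", but as far as I know mod_legacyauth only implements the older non-SASL login (XEP-0078, jabber:iq:auth); the direct-TLS listener appears to come from `legacy_ssl_ports = { 5223 }` in the second hunk on its own. If the goal is only port 5223 for old clients, the module can be left out so that no extra authentication path is exposed in front of the LDAP backend. If non-SASL login is really wanted, the comment should say so, e.g. `"legacyauth"; -- Non-SASL (XEP-0078) authentication for old clients`. The `modules_enabled` table starts outside the hunk, so this is worth checking against the full list.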