1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
diff -Naur jabber-1.4.2a-13/jabber.xml jabber-1.4.3-1/jabber.xml
--- jabber-1.4.2a-13/jabber.xml 2003-11-20 13:49:01.000000000 -0700
+++ jabber-1.4.3-1/jabber.xml 2003-11-20 13:54:28.000000000 -0700
@@ -1,18 +1,22 @@
<jabber>
<!--
- This is the Jabber server configuration file. The file is
+ This is the Jabber server configuration file. The file is
broken into different sections based on the services being
managed by jabberd, the server daemon. Most of the important
- sections have comments and are easy to modify. You can find
- full instructions in the server howto, which is available at
- http://docs.jabber.org/. Note that when you see a tag like
- "jabberd:cmdline", it's automatically replaced on startup
- with the command line flag passed in to jabberd. This enables
- you to override parameters set in this configuration file if
- necessary or desired. Also note as you comment things in and
- out that jabberd does not like comments within comments, so
- be careful with your XML. :)
+ sections have comments and are easy to modify.
+
+ At http://jabberd.jabberstudio.org/1.4/ you find further
+ instructions including an annotated version of this con-
+ figuration file and an installation guide.
+
+ Note that when you see a tag like "jabberd:cmdline", it's
+ automatically replaced on startup with the command line flag
+ passed in to jabberd. This enables you to override para-
+ meters set in this configuration file if necessary or de-
+ sired. Also note as you comment things in and out that
+ jabberd does not like comments within comments, so be care-
+ ful with your XML. :)
-->
@@ -25,7 +29,6 @@
* other basic server information
* the location of the session log file
* email addresses for server administrators
- * the location of the server that provides update information
* registration instructions for new users
* a welcome message for new users
* a list of agents with which users can register
@@ -36,11 +39,16 @@
<service id="sessions">
<!--
- Change hostname below to something other than "localhost",
- i.e., to the hostname or IP address of your Jabber server.
+ Replace all occurrences of "localhost" in this file by
+ the hostname of your Jabber server. Be aware changing
+ the server's name is all but impossible once users start
+ to use the server. So choose a name that is permanent
+ (especially no Intranet hostnames or IP addresses).
+
Multiple <host/> entries are allowed - each one is for a
separate virtual server. Note that each host entry must
be on one line, the server doesn't like it otherwise! :)
+ Use lowercase for the hostname.
-->
<host><jabberd:cmdline flag="h">localhost</jabberd:cmdline></host>
@@ -57,10 +65,9 @@
for mod_filter, a server-side module built into
JSM that enables users to set delivery rules for
messages they receive (not yet supported by all
- clients. The <allow/> subsection specifies which
+ clients). The <allow/> subsection specifies which
conditions and actions to enable. High-level
- descriptions of each setting can be found below
- (see docs.jabber.org for full details):
+ descriptions of each setting can be found below:
* <default/> - a user cannot delete this one, it's
the default rule for delivering messages
@@ -123,8 +130,8 @@
<!--
Registration instructions and required fields. The
notify attribute will send the server administrator(s)
- a message after each valid registration if it is set
- to "yes".
+ a message after each valid registration if the notify
+ attribute is present.
-->
<register notify="yes">
@@ -140,7 +147,7 @@
<welcome>
<subject>Welcome!</subject>
- <body>Welcome to the Jabber server -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://docs.jabber.org/</body>
+ <body>Welcome to the Jabber server -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body>
</welcome>
<!--
@@ -183,21 +190,6 @@
-->
<!--
- This is the resource that checks for updated versions
- of the Jabber server software. Note that you don't lose
- any functionality if you comment this out. Removing the
- <update/> config is especially a good strategy if your
- server is behind a firewall. If you want to use this
- feature, change 'localhost' to the hostname or IP address
- of your server, making sure that it is the same as your
- entry for <host/> above.
-
- Turned OFF by Default on Debian GNU/Linux
- -->
-
- <!-- <update><jabberd:cmdline flag="h">localhost</jabberd:cmdline></update> -->
-
- <!--
This enables the server to automatically update the
user directory when a vcard is edited. The update is
only sent to the first listed jud service below. It is
@@ -214,6 +206,8 @@
defined in its own <service/> section below. These services
will appear in the user interface of Jabber clients that
connect to your server.
+ The <browse/> section is also used by mod_disco (see below)
+ for building the disco#items reply.
-->
<browse>
@@ -239,8 +233,6 @@
<!-- we're commenting these out, of course :)
- <conference type="private" jid="conference.localhost" name="Private Conferencing"/>
-
<service type="aim" jid="aim.localhost" name="AIM Transport">
<ns>jabber:iq:gateway</ns>
<ns>jabber:iq:register</ns>
@@ -255,6 +247,43 @@
</browse>
+ <!--
+ "Service Discovery" (disco, JEP-0030) supersedes
+ "Jabber Browsing" (JEP-0011).
+ The <disco/> section is used for building the disco#info reply.
+ -->
+ <disco>
+ <identity category='services' type='jabber' name='Jabber 1.4 Server'/>
+ <feature var='jabber:iq:browse'/>
+ <feature var='jabber:iq:agents'/>
+ <feature var='jabber:iq:register'/>
+ <feature var='jabber:iq:time'/>
+ <feature var='jabber:iq:last'/>
+ <feature var='jabber:iq:version'/>
+ </disco>
+
+ <!--
+ Select the hashing algorithm that mod_auth_crypt uses
+ for storing passwords
+ Possible values:
+ crypt ... traditional hashing as implemented in crypt()
+ SHA1 ... using SHA1 hashes
+ -->
+ <mod_auth_crypt>
+ <hash>SHA1</hash>
+ </mod_auth_crypt>
+
+ <!--
+ Configuration for mod_version. By defining <no_os_version/>
+ mod_version will not report the version of your OS.
+ -->
+ <!--
+ <mod_version>
+ <no_os_version/>
+ </mod_version>
+ -->
+
+
</jsm>
<!--
@@ -271,17 +300,41 @@
<mod_roster>./jsm/jsm.so</mod_roster>
<mod_time>./jsm/jsm.so</mod_time>
<mod_vcard>./jsm/jsm.so</mod_vcard>
- <!-- <mod_version>./jsm/jsm.so</mod_version> -->
+ <mod_last>./jsm/jsm.so</mod_last>
+ <mod_version>./jsm/jsm.so</mod_version>
<mod_announce>./jsm/jsm.so</mod_announce>
<mod_agents>./jsm/jsm.so</mod_agents>
<mod_browse>./jsm/jsm.so</mod_browse>
+ <mod_disco>./jsm/jsm.so</mod_disco>
<mod_admin>./jsm/jsm.so</mod_admin>
<mod_filter>./jsm/jsm.so</mod_filter>
<mod_offline>./jsm/jsm.so</mod_offline>
<mod_presence>./jsm/jsm.so</mod_presence>
- <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
+
+ <!--
+ Authentication
+ For standard setups mod_auth_digest is recommended. Additionally
+ enable mod_auth_plain if you need plaintext authentication.
+ For maximum security, force SSL connections and use mod_auth_crypt
+ exclusively. Be aware encrypted password storage can lead to
+ problems when migrating to other authentication mechanisms
+ (LDAP...).
+ Switching from plain/digest to crypt needs manual work for
+ existing accounts, the reverse is not possible.
+ http://jabberd.jabberstudio.org/1.4/doc/adminguide#security
+ -->
+ <!-- mod_auth_digest: Password in clear text in storage,
+ encrypted/hashed on the wire -->
<mod_auth_digest>./jsm/jsm.so</mod_auth_digest>
- <mod_auth_0k>./jsm/jsm.so</mod_auth_0k>
+ <!-- mod_auth_plain: Password in clear text in storage
+ and on the wire. Disable this if you do not use clients
+ that need plaintext auth -->
+ <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
+ <!-- mod_auth_crypt: Password encrypted/hashed in storage,
+ clear text on the wire. Disabled as this only makes
+ sense when used exclusively and with SSL mandatory
+ <mod_auth_crypt>./jsm/jsm.so</mod_auth_crypt> -->
+
<mod_log>./jsm/jsm.so</mod_log>
<mod_register>./jsm/jsm.so</mod_register>
<mod_xml>./jsm/jsm.so</mod_xml>
@@ -291,7 +344,11 @@
<!-- OK, we've finished defining the Jabber Session Manager. -->
- <!-- The <xdb/> component handles all data storage, using the filesystem. -->
+ <!--
+ The <xdb/> component handles all data storage, using the filesystem.
+ Make sure the spool directory defined here exists and has proper
+ permissions.
+ -->
<xdb id="xdb">
<host/>
@@ -312,11 +369,21 @@
limit the amount of time allowed for authentication to be
completed, e.g., <authtime>10</authtime> for 10 seconds
+ * heartbeat - default is to not send out heartbeat packets
+ to the clients. This option allows you to specify that
+ you want heartbeats to happen every x seconds. This is
+ useful if you have a lot of dial-up or laptop users who
+ may drop their connection without logging off of jabber.
+ Otherwise the server won't notice that they are offline until
+ someone tries to send a packet to them (and the message is
+ lost). Example: <heartbeat>60</heartbeat>
+
* karma - this is an input/output rate limiting system that
the Jabber team came up with to prevent bandwidth hogging.
- For details about karma, read the io section at the bottom
- and/or see docs.jabber.org. These are the low settings and
- apply per connection/socket and can be changed as desired.
+ For details about karma, read the io section at the bottom.
+ These are the low settings and apply per connection/socket
+ and can be changed as desired.
+ To disable rate limiting just delete the <karma/> section.
-->
<service id="c2s">
@@ -325,6 +392,7 @@
</load>
<pthcsock xmlns='jabber:config:pth-csock'>
<authtime/>
+ <heartbeat/>
<karma>
<init>10</init>
<max>10</max>
@@ -336,13 +404,12 @@
<!--
Use these to listen on particular addresses and/or ports.
- <ip port="5222">127.0.0.1</ip>
+ Example: <ip port="5222">127.0.0.1</ip>
+ Default is to listen on port 5222 on every interface.
+ Remove the <ip/> section to disable non-ssl client connections.
-->
<ip port="5222"/>
- <!-- added to stop possible DOS due to default accept -->
- <ssl port="5223">127.0.0.1</ssl>
-
<!--
The <ssl/> tag acts pretty much like the <ip/> tag,
except it defines that SSL is to be used on the
@@ -390,7 +457,8 @@
<dnsrv>./dnsrv/dnsrv.so</dnsrv>
</load>
<dnsrv xmlns="jabber:config:dnsrv">
- <resend service="_jabber-server._tcp">s2s</resend> <!-- for supporting SRV records -->
+ <resend service="_xmpp-server._tcp">s2s</resend> <!-- for supporting XMPP compliant SRV records -->
+ <resend service="_jabber-server._tcp">s2s</resend> <!-- for supporting old style SRV records -->
<resend>s2s</resend>
</dnsrv>
</service>
@@ -426,6 +494,16 @@
</dialback>
</service>
+ <!--
+ update.jabber.org is long dead but some clients still
+ request update information. In order to avoid errors
+ in the logs, just drop packages for update.jabber.org.
+ -->
+ <service id="update.jabber.org">
+ <host>update.jabber.org</host>
+ <null/>
+ </service>
+
<!--
If you identified additional agents in the main <service/>
section (see examples above), you'll need to define each
@@ -442,17 +520,6 @@
<!-- we're commenting these out, of course :)
- <service id="conference">
- <load>
- <groupchat>/path/to/groupchat.so</groupchat>
- </load>
- <host>conference.localhost</host>
- </service>
-
- <service id="irc">
- <host>irc.localhost</host>
- </service>
-
<service id="aim.localhost">
<accept>
<ip/>
@@ -474,6 +541,7 @@
<!--
The following <io/> config initializes the top-level
I/O, otherwise known as MIO (Managed Input/Output).
+ Use IPs here or connections will fail.
-->
<io>
@@ -571,6 +639,7 @@
<!--
The following section initializes SSL for top-level I/O.
This works only when the server is compiled with openssl!
+ Use IPs here or connections will fail.
-->
<!--
<ssl>
|
