[JDEV] authenticated registration

kadokev at msg.net kadokev at msg.net
Tue Mar 6 22:57:24 CST 2001


> I would like to stop just anyone from registering with my jabber server.

I have a similar issue. I need to authenticate new users registering with
the jabber server, to ensure that the 'login' being created is their
'official' username. That is, to ensure that 'login at jabber.ourdomain.com'
is the same as their 'login' for the 'ourdomain' NT domain.

No matter how big the disclaimers I put up as to the non-verifiability of user
information, I cannot risk having 'Bob HelpDeskGuy' register as 'Jim TheCEO'.

It would probably be excessive (yet fun) to try to build strong authentication
into the Jabber server, but perhaps the server *could* be extended to 'proxy'
user authentication to a web server?


> I hear you could set the spool directory read only to stop people from
> adding themselves. Ideally, jabberd should be able to require that a user
> wishing to be added to the server supply the administrator account login
> information, or be added to the server by the administrator him/herself.

Has anybody looked into having the 'spool' directory owned by a web server,
and using a CGI script on the HTTPd to create the XML files?  This would allow
for authentication of initial account creation via any mechanism supported
by Apache: RADIUS, LDAP, NIS, mSQL, DCE, NDS, TACACS+, etc.

What I'll most likely end up with is a web site that uses an Apache
NT domain authentication module (http://www.asaban.com/index_pl.html) to
verify their identity and create the XML file the first time. The script
may also go to an LDAP server and extract their full name and other details
at the same time.

Kevin
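
A sketch of the CGI-side account creation proposed in the message above, added here as an illustration; it is not code from the original post or from the Jabber project. It assumes the web server has already authenticated the request and set REMOTE_USER; the names `create_account`, `RegistrationError` and `USERNAME_RE`, the XML record and the file mode are hypothetical.

```python
import os
import re
import secrets
from xml.sax.saxutils import escape

# Assumption: account names are limited to this conservative character set.
USERNAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


class RegistrationError(Exception):
    """Raised when an account must not be created."""


def create_account(spool_dir, environ):
    """Create <spool_dir>/<user>.xml for the user the web server authenticated.

    The name is taken only from REMOTE_USER, never from a form field, so a
    user can register their own login and nobody else's.
    Returns (username, initial_password).
    """
    remote_user = environ.get("REMOTE_USER", "")
    if not remote_user:
        raise RegistrationError("request was not authenticated")
    # Assumption: the auth module may report DOMAIN\login; keep the login part.
    username = remote_user.rsplit("\\", 1)[-1].lower()
    if not USERNAME_RE.fullmatch(username):
        # Rejects '/', '..', NUL and similar before the name touches a path.
        raise RegistrationError("unacceptable account name")

    password = secrets.token_urlsafe(12)
    # Constructed stand-in record: copy the real layout from a spool file
    # that the Jabber server wrote itself.
    record = "<xdb><password>%s</password></xdb>\n" % escape(password)

    path = os.path.join(spool_dir, username + ".xml")
    try:
        # O_EXCL: fail rather than overwrite an existing account.
        # Assumption: mode 0o660 because jabberd shares a group with the httpd.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o660)
    except FileExistsError:
        raise RegistrationError("account already exists")
    with os.fdopen(fd, "w") as fh:
        fh.write(record)
    return username, password
```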



