[JDEV] custom registration [was authenticated registration]
Colin Madere
colin at vedalabs.com
Wed Mar 7 14:34:26 CST 2001
YES!
We plan to do this in the near future and it would help us greatly if it was
all well documented. Once we start we'd be happy to contribute to the doc
at least.
We've done some external services with Java handlers/routers talking to
other server software, but the whole auth/reg world with handling the spools
etc. is a bit hazy :)
Colin Madere
Asst. Dir. of Software Engineering
Vedalabs, Inc.
> -----Original Message-----
> From: Schuyler Heath [mailto:sheath at jabber.org]
> Sent: Wednesday, March 07, 2001 2:07 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] custom registration [was authenticated
> registration]
>
>
> Hello,
>
> As temas says, we already have this API. FYI, you don't have to
> write it as a JSM module in C. You could write it as an external perl
> script or just about any other language.
>
> You would need to implement two components, a custom xdb backend for
> register/auth data and an auth component.
>
> I wrote a brief description of how to do the auth part here:
> http://mailman.jabber.org/pipermail/jdev/2000-November/003899.html
>
> If you or anyone else is interested I would be happy to elaborate on
> these XDB and auth components. I really should write this up into
> a doc...
>
> Schuyler
>
> On Tue, Mar 06, 2001 at 09:31:27PM -0800, Robert Temple wrote:
> > We are in the same boat as you. We have a large database of
> > users we would like to get into the Jabber system. It would
> > work best for us if all registration messages sent by clients
> > got rejected. And when the jabber server received an auth
> > message then it wouldn't look into its own database for a
> > password, but instead it would somehow fetch the password
> > from our system. And if the password matched but the user
> > didn't exist in the Jabber system yet, it would create the
> > new database entry (the users xml file) for that new user.
> >
> > I'd rather not have users' passwords stored in the Jabber
> > database at all, we already have a database of usernames &
> > passwords. The fewer passwords we have, the more secure we are.
> >
> > Further, it would be really nice if when someone added someone
> > else to their roster but that person didn't exist, the server
> > would check our registration system to see if they exist there,
> > and if they did, send a special message back to the client that
> > lets them send an email to that new person that would ask if
> > they want to sign up for Jabber.
> >
> > Short of rewriting a few server modules, there isn't an easy
> > way to do this. I'd like to see a standard auth API to do
> > what we need in the Jabber server or instead of an API,
> > perhaps a configuration where the server would get auth
> > verification from an external agent over exterx instead.
> >
> > It seems like custom authentication is needed by a lot of
> > groups.
> >
> > -Robert
> >
> > > -----Original Message-----
> > > From: kadokev at msg.net [mailto:kadokev at msg.net]
> > > Sent: Tuesday, March 06, 2001 9:57 PM
> > > To: jdev at jabber.org
> > > Subject: Re: [JDEV] authenticated registration
> > >
> > >
> > > > > I would like to stop just anyone from registering with my
> > > > > jabber server.
> > > >
> > > > I have a similar issue. I need to authenticate new users
> > > > registering with the jabber server, to ensure that the 'login'
> > > > being created is their 'official' username. That is, to ensure
> > > > that 'login at jabber.ourdomain.com' is the same as their
> > > > 'login' for the 'ourdomain' NT domain.
> > >
> > > > No matter how big the disclaimers I put up as to the
> > > > non-verifiability of user information, I cannot risk having
> > > > 'Bob HelpDeskGuy' register as 'Jim TheCEO'.
> > > >
> > > > It would probably be excessive (yet fun) to try to build strong
> > > > authentication into the Jabber server, but perhaps the server
> > > > *could* be extended to 'proxy' user authentication to a web
> > > > server?
> > >
> > >
> > > > > I hear you could set the spool directory read only to stop
> > > > > people from adding themselves. Ideally, jabberd should be
> > > > > able to require that a user wishing to be added to the server
> > > > > supply the administrator account login information, or be
> > > > > added to the server by the administrator him/herself.
> > > >
> > > > Has anybody looked into having the 'spool' directory owned by a
> > > > web server, and use a CGI script on the HTTPd to create the XML
> > > > files? This would allow for authentication of initial account
> > > > creation via any mechanism supported by Apache: RADIUS, LDAP,
> > > > NIS, mSQL, DCE, NDS, TACACS+, etc.
> > > >
> > > > What I'll most likely end up with is a web site that uses an
> > > > Apache NT domain authentication module
> > > > (http://www.asaban.com/index_pl.html) to verify their identity
> > > > and create the XML file the first time. The script may also go
> > > > to an LDAP server and extract their full name and other detail
> > > > at the same time.
> > >
> > > Kevin
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> > >
> >