Slushpupie: WildFire/Config (last edited 2006-07-12 18:26:55 by Slushpupie)
Sample config changes:
<!-- sasl configuration -->
<sasl>
    <!-- Mechs to advertise. Order here should reflect preference
         advertised to client. Just because you put it in this list
         doesn't mean it will be advertised either. If the authProvider
         can't support the mechanism, it won't be shown. PLAIN and
         ANONYMOUS mechs also enable non-SASL authentication (the old
         style XMPP auth), so removing them from this list will disallow
         non-SASL auth -->
    <mechs>GSSAPI</mechs>
    <!-- <mechs>CRAM-MD5,DIGEST-MD5,PLAIN,EXTERNAL,ANONYMOUS</mechs> -->

    <!-- Several SASL mechanisms have a concept of a realm, but as of
         today only GSSAPI uses it. -->
    <realm>REALM.COM</realm>

    <!-- Mech specific configs here -->
    <gssapi>
        <debug>true</debug>
        <!-- GSSAPI needs its own config file -->
        <config>/opt/wildfire/conf/gssapi.conf</config>
        <!-- most will set useSubjectCredsOnly to false (the default)
             See http://java.sun.com/j2se/1.4.2/docs/api/org/ietf/jgss/package-summary.html
             for more details -->
        <useSubjectCredsOnly>false</useSubjectCredsOnly>
    </gssapi>

    <!-- Some mechanisms allow for a principal different than the
         username authenticating. The policyProvider is what provides a
         storage for matching principals to JIDs. The default uses the
         database provider for storage. Not all providers will allow
         changes, some -->
</sasl>

<provider>
    <authorization>
        <classList>org.jivesoftware.wildfire.sasl.LazyAuthorizationPolicy org.jivesoftware.wildfire.sasl.DefaultAuthorizationProvider</classList>
        <!-- other options: null, LdapAuthorizationProvider, UnixK5LoginProvider, Strict and Lazy -->
    </authorization>
</provider>

<!-- If LdapAuthorizationProvider is selected... -->
<!--
<ldap>
    <authorizeField>k5login</authorizeField>
</ldap>
-->

<!-- If UnixK5LoginProvider is selected... -->
<!-- Will "~{0}/.k5login" work? -->
<!--
<unix>
    <k5login>/home/{0}/.k5login</k5login>
</unix>
-->
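An added example, not part of the original page and not Wildfire's own code, of the principal-to-user check that a `.k5login` lookup with a `/home/{0}/.k5login` template implies. The rule that `username@realm` is always accepted, the `SAFE_USER` pattern, and all function names are assumptions of this example; the sample `.k5login` content is constructed.

```python
import re
import tempfile
from pathlib import Path

# Path template in the style of the <k5login> element; {0} is the username.
K5LOGIN_TEMPLATE = "/home/{0}/.k5login"

# Assumption: usernames are limited to this set, so the substituted value
# cannot contain "/" or start with "." and redirect the lookup elsewhere.
SAFE_USER = re.compile(r"[a-z0-9][a-z0-9._-]*")


def k5login_path(username, template=K5LOGIN_TEMPLATE):
    """Expand the template for one user, refusing names outside SAFE_USER."""
    if not SAFE_USER.fullmatch(username):
        raise ValueError("unsafe username: %r" % (username,))
    return Path(template.replace("{0}", username))


def read_k5login(path):
    """Return the principals listed in a .k5login file, one per line."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return set()  # missing or unreadable file grants nothing extra
    return {line.strip() for line in text.splitlines() if line.strip()}


def is_authorized(principal, username, realm, template=K5LOGIN_TEMPLATE):
    """Allow username@realm itself, or a principal listed in the user's file."""
    path = k5login_path(username, template)  # validates the username first
    if principal == "%s@%s" % (username, realm):
        return True
    return principal in read_k5login(path)


def demo():
    """Run the check against a constructed .k5login in a temporary directory."""
    with tempfile.TemporaryDirectory() as home:
        user_dir = Path(home) / "alice"
        user_dir.mkdir()
        (user_dir / ".k5login").write_text("bob@REALM.COM\ncarol/admin@REALM.COM\n")
        template = home + "/{0}/.k5login"
        return [is_authorized(p, "alice", "REALM.COM", template)
                for p in ("alice@REALM.COM", "bob@REALM.COM", "bob@OTHER.COM")]


if __name__ == "__main__":
    print(demo())
```

The comparison is an exact string match on the full principal, realm included, so a same-named principal from another realm is not accepted.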