[ejabberd] Alternate authentication for BOSH clients?

Sean Dilda sean at duke.edu
Sat May 30 00:55:56 MSD 2009

Arne Claassen wrote:
> I'm sorry if this has been covered before, but i'm looking into 
> automatically logging users on our site into the our ejabberd server 
> when they visit a page using a bosh client. I have an authenticated 
> session in the browser and know their user name and jid, but i don't 
> want to have a non-secure web page deliver the password to the bosh 
> component for login. I'd prefer to let it either use a one-time key or 
> pass on the web session key. But at the same time, users should still be 
> able to log in with an Xmpp Client and their user/pass. Is there a hook 
> in ejabberd for that can either call a webservice for authentication, or 
> do i need a custom module? I figure others using ejabberd for presence 
> on their website must have run into this before. Any pointers would be 
> appreciated.

We faced a similar problem.  We still don't have our web-based jabber 
client deployed, but we did get the authentication issue mostly resolved.

We have a Web SSO that was built in house.  To get the SSO working with 
webmail, some of our folks had already written a system where the SSO 
would generate a short-lived password.  They'd already written a pam 
module that they installed on the IMAP server to make everything work.

We adjusted this so our web client grabs the short-time pasword from the 
web-sso and passes that password on to ejabberd.  We were already doing 
PAM authenticate with ejabberd, so it was easy to modify to use the 
other pam module as well.

More information about the ejabberd mailing list