[ejabberd] External authentication randomly fails in 2.1.1

Stephan Maihöfer sma at turtle-entertainment.de
Fri Jan 15 17:30:35 MSK 2010


hi,

in our experience external authentication via a script is
not a good idea for production systems and to my
questions on this list someone answered that it is
not really intended for servers that serve a great number
of sessions. it has to be somewhere in the archives...

...there we go:
http://lists.jabber.ru/pipermail/ejabberd/2009-May/004926.html

so you will be better off rewriting your auth-module
in erlang. which is what we did, in the end.

greetings,
stephan 

> -----Original Message-----
> From: ejabberd-bounces at jabber.ru 
> [mailto:ejabberd-bounces at jabber.ru] On Behalf Of Augustine Ike
> Sent: Friday, January 15, 2010 3:15 PM
> To: ejabberd at jabber.ru
> Subject: Re: [ejabberd] External authentication randomly 
> fails in 2.1.1
> 
> Hi,
>      Do you have a firewall in your network? If you do, enable Port
> 5222 and Port 5223. Also if you use DNS, you have to make 
> sure that XMPP entries exist for those ports. The DNS piece 
> may be trivial but the ports MUST be enabled.
> if it fails, make sure you have the right modules installed 
> to enforce external authentication. My setup for Kerberos 
> failed because I did not have the right modules.
> 
> Ike
> 
> 
> 
> On Fri, Jan 15, 2010 at 1:08 AM, Erkki-T. Peura 
> <etpeura at gmail.com> wrote:
> > Hi,
> >
> > I would like to get some pointers/help to further troubleshoot 
> > external authentication problem we have in ejabberd 2.1.1 Normally 
> > script works just fine but sometimes undependent from client used 
> > (Pidgin, Psi etc.) external authentication fails. If user just 
> > retries, authentication is ok so user credentials or such 
> are not an 
> > issue here.
> >
> > Strange thing is that script doing authentication claims to 
> return 1 
> > but ejabberd log shows 0:
> >
> > authentication script log:
> > Jan 14 10:09:58 machine auth.pl[31756]: request: auth Jan 
> 14 10:09:58 
> > machine auth.pl[31756]: user at domain.tld: auth ok Jan 14 10:09:58 
> > machine auth.pl[31756]: user at domain.tld: returning 1
> >
> > ejabberd log:
> >
> > =INFO REPORT==== 2010-01-14 10:09:58 ===
> > D(<0.269.0>:extauth:73) : extauth call '["auth","user","domain.tld",
> >                                         "password"]' 
> received data response:
> > [0,0]
> >
> > =INFO REPORT==== 2010-01-14 10:09:58 ===
> > I(<0.17506.0>:ejabberd_c2s:584) : 
> > ({socket_state,tls,{tlssock,#Port<0.11393>,#Po
> > rt<0.11395>},<0.17505.0>}) Failed authentication for user at domain.tld
> >
> > Here's part of perl script that returns result:
> >
> > syslog(LOG_DEBUG,"$jid: returning $result"); my $out = pack 
> > "nn",2,$result; syswrite STDOUT,$out;
> >
> > It's not a load issue, there's under <10 users
> >
> > More logs available at http://pastebin.com/m180a5d1d, versions 
> > ejabberd 2.1.1, perl 5.8.8
> >
> > Authentication config:
> > {auth_method, [external, internal]}.
> > {extauth_program, "/usr/bin/perl 
> /opt/ejabberd/addons/auth/auth.pl"}.
> >
> >
> > TIA,
> >    - etp -
> > _______________________________________________
> > ejabberd mailing list
> > ejabberd at jabber.ru
> > http://lists.jabber.ru/mailman/listinfo/ejabberd
> >
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
> 


More information about the ejabberd mailing list