[ejabberd] Configuration

Konstantin Khomoutov flatworm at users.sourceforge.net
Wed May 11 13:22:43 MSD 2011


On Wed, 11 May 2011 13:44:32 +0530
Manoj Philip <manoj.philip at pipalresearch.com> wrote:

> Can we encrypt the configuration file of ejabberd? I don't want the
> administrator password to be put in as text. I don't want to
> make the administrator password known.

Not without modifying the ejabberd code.

Anyway, what would this give you?  To make encryption of the
configuration file really matter, you need to enter a passphrase (or
provide some other sort of cryptographic token) each time the ejabberd
daemon starts, which seems to be barely acceptable.  Another question is
why you don't trust people who have root access on your box anyway?

I think that if you're that paranoid, the proper way to go is using
LDAPS (note the trailing "S") and authenticating ejabberd users (admins
included) against an LDAP database.
The other way would be to use Kerberos via [1], but this is not a part
of ejabberd and hence such a setup requires special maintenance.

In both these cases no passwords are stored on the machine running
ejabberd and passwords are either transferred over an encrypted link
(LDAPS) or not transferred at all (Kerberos).

1. http://www.ejabberd.im/cyrsasl_gssapi
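
Added example, not part of the original message or of the ejabberd distribution: a sketch of the LDAPS setup suggested above, in the Erlang-term syntax of ejabberd.cfg. The host names, DNs and the anonymous bind are assumptions, and ldap_tls_verify is available only in releases whose guide documents it.

```erlang
%% ejabberd.cfg fragment (constructed example; hosts and DNs are placeholders)

%% Before: accounts and their passwords live in ejabberd's own database
%% on this machine.
%% {auth_method, internal}.

%% After: every account, admins included, is checked against the directory.
{auth_method, ldap}.

%% LDAPS: TLS-wrapped LDAP on port 636, so the password that ejabberd
%% relays to the directory never crosses the network in clear text.
{ldap_servers, ["ldap.example.org"]}.   % placeholder host
{ldap_encrypt, tls}.
{ldap_port, 636}.

%% Refuse to talk to a directory whose certificate does not validate.
%% Assumption: your release supports this option; check its guide.
{ldap_tls_verify, hard}.

%% Assumption: the directory permits anonymous search, so ldap_rootdn and
%% ldap_password are left out and no bind secret sits in this file.
{ldap_base, "ou=people,dc=example,dc=org"}.   % placeholder base DN
{ldap_uids, [{"uid", "%u"}]}.

%% The administrator is named by JID only; the password for that JID
%% exists solely in the directory.
{acl, admin, {user, "admin", "example.org"}}.
{access, configure, [{allow, admin}]}.
```

If the directory does not allow anonymous search, ldap_rootdn and ldap_password have to be set, which puts a service credential back into the file; give that account read-only search rights and nothing else.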

