Revision 4 as of 2011-03-09 20:23:18

DaemonAdmin / EJabberD

1. Jabber Admin

1.1. Jabber Daemon

We use ejabberd.

All nodes must have the same Erlang cookie. When installing a new node, replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie on an existing node.
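An added example, not part of the original page: a shell check that a new node's cookie matches the copy taken from an existing node and is accessible only by its owner, since the cookie is the shared secret Erlang nodes use to authenticate to each other. The function name, return codes and sample paths are assumptions, and `stat -c` assumes GNU coreutils as shipped on Debian.

```shell
# check_cookie LOCAL REFERENCE   (hypothetical helper, not an ejabberd tool)
#   LOCAL:     cookie file on the node being installed
#   REFERENCE: copy of the cookie taken from an existing cluster node
# Returns: 0 ok, 2 file missing or empty, 3 contents differ,
#          4 cookie accessible by group or others.
check_cookie() {
    local_cookie=$1
    reference=$2

    # Both files must exist and be non-empty.
    [ -s "$local_cookie" ] && [ -s "$reference" ] || return 2

    # Byte-for-byte comparison; -s keeps the secret off the terminal.
    cmp -s "$local_cookie" "$reference" || return 3

    # Owner-only access: a three-digit octal mode ending in 00 (400, 600).
    mode=$(stat -c '%a' "$local_cookie") || return 2
    case "$mode" in
        [0-7]00) ;;
        *) return 4 ;;
    esac
    return 0
}

# Example call, with an assumed location for the copied reference file:
#   check_cookie ~ejabberd/.erlang_cookie /root/cookie-from-existing-node
```

A return code of 3 on a fresh install usually means the default Debian cookie is still in place.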

1.3. SSL Certificate

We require TLS communication with the jabber daemon to avoid exposing Kerberos passwords.

When installing a new node, make sure to copy /etc/ejabberd/ejabberd.pem from another node. The current certificate is valid until 2018 and is signed by the HCoop CA.

1.4. Firewall

The IANA service names xmpp-client (port 5222) and xmpp-server (port 5269) must be open to the world at large.

For ferm:

proto tcp dport (xmpp-client xmpp-server) ACCEPT;

Port 4369 (epmd) must be open to all other ejabberd nodes, but should not be open to the world at large. Unfortunately, this requires maintaining a list of IPs at present (we really should rewrite fwtool).

proto tcp daddr (...) dport 4369 ACCEPT;   

1.5. PAM Configuration

TODO


CategorySystemAdministration