1. Jabber Admin
1.1. Jabber Daemon
We use ejabberd.
1.2. Erlang Cookie
All nodes must have the same Erlang cookie. When installing a new node, replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie on an existing node.
1.3. SSL Certificate
We require TLS communication with the jabber daemon to avoid exposing Kerberos passwords.
When installing a new node, make sure to copy /etc/ejabberd/ejabberd.pem from another node. The current certificate is valid until 2018 and signed by the HCoop CA.
1.4. Firewall
The IANA service names xmpp-client (port 5222) and xmpp-server (port 5269) must be open to the world at large.
Port 4369 (epmd) must be open to all other ejabberd nodes, but should not be open to the world at large.
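The port policy above expressed as iptables rules, as an added example that is not part of the original page. The peer addresses are constructed samples from the 192.0.2.0/24 documentation range, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables rule specifications for the ejabberd port policy.
# Peer addresses used below are constructed samples, not real node addresses.
# epmd only tells peers which port a node's distribution listener uses; that
# listener port is not covered by this page and is not handled here.

# Return 0 only for a dotted-quad IPv4 address, so nothing else reaches a rule.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set. Arguments: addresses of the other ejabberd nodes.
ejabberd_fw_rules() {
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    done
    # xmpp-client and xmpp-server: open to the world at large.
    echo "-A INPUT -p tcp --dport 5222 -j ACCEPT"
    echo "-A INPUT -p tcp --dport 5269 -j ACCEPT"
    # epmd: accept from cluster peers first, then drop everyone else.
    for peer in "$@"; do
        echo "-A INPUT -p tcp -s $peer --dport 4369 -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport 4369 -j DROP"
}

# Sample run with two constructed peer addresses.
ejabberd_fw_rules 192.0.2.11 192.0.2.12
```

All peer addresses are validated before any rule is printed, so a malformed argument yields no partial rule set.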
1.5. PAM Configuration
TODO