welcome: please sign in

The following 98 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
Admin   Administration   all   All   and   another   at   avoid   be   but   by   Category   caution   Certificate   certificate   client   communication   Configuration   cookie   Cookie   Coop   copied   copy   current   daddr   daemon   Daemon   default   dport   ejabberd   epam   erlang   Erlang   etc   exposing   ferm   Firewall   For   from   fwtool   have   http   im   installing   is   Jabber   jabber   Kerberos   large   list   maintaining   make   must   names   new   node   nodes   not   of   one   open   other   passwords   pem   port   Port   present   proto   Ps   really   replace   require   requires   rewrite   same   server   service   should   signed   sure   System   tcp   The   the   this   to   Unfortunately   until   use   valid   We   we   When   wiki   with   world   www   xmpp  

Clear message


1. Jabber Admin

1.1. Jabber Daemon

We use ejabberd

All nodes must have the same erlang cookie. When installing a new node replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie.

1.3. SSL Certificate

We require TLS communication with the jabber daemon to avoid exposing Kerberos passwords.

When installing a new node make sure to copy /etc/ejabberd/ejabberd.pem from another node. The current certificate is valid until 2018 and signed by the HCoop CA.

1.4. Firewall

The IANA service names xmpp-client (port 5222) and xmpp-server (port 5269) must be open to the world at large.

For ferm:

proto tcp dport (xmpp-client xmpp-server) ACCEPT;

Port 4369 (epam) must be open to all other ejabberd nodes, but should not be open to the world at large. Unfortunately this requires maintaining a list of IPs at present (we really should rewrite fwtool).

proto tcp daddr (...) dport 4369 ACCEPT;   

1.5. PAM Configuration



JabberAdmin (last edited 2011-03-09 20:23:18 by ClintonEbadi)