Using PAM Authentication With Jabberd

[ 2004-June-13 21:29 ]

Here is a quick tip that I hope will save someone else some time: If you are using the jabberd server for setting up Jabber instant messaging, and you want users to authenticate using their Unix passwords, you need to enable PAM. The Installation and Administration guide has a brief paragraph describing how to use PAM in section 5. However, they forgot to mention that you must disable digest authentication.

Digest authentication is nice in that it doesn't send your password in plain text over the wire. However, it is bad in that the server must store your plain text password. Since Unix only stores password hashes in /etc/shadow, digest won't work. So go and edit your /etc/jabberd/c2s.xml file and comment out the <digest/> element under <traditional>.

Update: It turns out I was wrong: Jabberd will automatically disable authentication mechanisms that are not supported by the password databases that are currently enabled. The problem was a bug in my client, which I had to patch.
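
The mismatch described above between digest authentication and hash-only password storage, as an added example that is not part of the original post or of jabberd's code. It assumes the digest mechanism is the legacy jabber:iq:auth one (lowercase hex SHA-1 of stream ID plus password, XEP-0078); the store classes, the PBKDF2 stand-in for the shadow hash and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

def iq_auth_digest(stream_id, password):
    # Legacy Jabber digest: lowercase hex SHA-1 of stream ID + password.
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

def one_way(password, salt):
    # Stand-in (assumption) for a crypt(3)-style shadow hash: salted, not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

class PlaintextStore:
    """Hypothetical backend that keeps the cleartext password (what digest needs)."""
    mechanisms = ("plain", "digest")
    def __init__(self):
        self.users = {}
    def add(self, user, password):
        self.users[user] = password
    def check_plain(self, user, password):
        if user not in self.users:
            return False
        return hmac.compare_digest(self.users[user].encode(), password.encode())
    def check_digest(self, user, stream_id, digest):
        if user not in self.users:
            return False
        # The server recomputes the digest, so it must know the password itself.
        expected = iq_auth_digest(stream_id, self.users[user])
        return hmac.compare_digest(expected.encode(), digest.encode())

class HashOnlyStore:
    """Hypothetical backend that keeps only salt + hash, like /etc/shadow behind PAM."""
    mechanisms = ("plain",)  # digest cannot be offered from this store
    def __init__(self):
        self.users = {}
    def add(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, one_way(password, salt))
    def check_plain(self, user, password):
        if user not in self.users:
            return False
        salt, stored = self.users[user]
        return hmac.compare_digest(one_way(password, salt), stored)
    def check_digest(self, user, stream_id, digest):
        # SHA1(stream_id + password) cannot be derived from (salt, hash).
        raise NotImplementedError("digest needs the cleartext password")
```

With only the plain mechanism left, the password is sent to the server as typed, so the client-to-server connection needs TLS to keep it off the wire in clear.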