A new feature of ejabberd 2 is built-in PAM support. This can make adding jabber service with ejabberd to a simple server as easy as adding mail service is with dovecot. I'm not sure the best way to include all the bits here, so I'll attach a patch for the .spec and mention other changes. For ejabberd.cfg: -%%{pam_service, "pamservicename"}. +%%{pam_service, "ejabberd"}. and an ejabberd.pam file for SOURCES: #%PAM-1.0 auth include system-auth account include system-auth I would not suggest uncommenting this by default as the administrator ought to consider the security implications. It might even be wise to make a note that TLS really ought to be enabled before doing this, though we don't prevent people from shooting themselves in the foot with, e.g. dovecot with plain IMAP. Things I haven't addressed here: 1. Whether the PAM file is appropriate. It works, but did I forget something important? Is there a way to limit UID's < 500 in pam files? Authentication tries? 2. Any SELinux stuffs. 3. Somebody sanity check the priv/bin/epam permissions. I followed the advice from the ejabberd manual for secure use (oh, this is the privilege separation thingy). And all the things I didn't think to think of. However, functionally, this does appear to work as advertised on my server. No user registration is required, and only valid passwords authenticate.
Created attachment 310236 [details] ejabberd.spec patch to add PAM bits
Thanks for your work. I'll review it ASAP.
ejabberd-2.0.2-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/ejabberd-2.0.2-1.fc8
ejabberd-2.0.2-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ejabberd-2.0.2-1.fc9
ejabberd-2.0.2-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ejabberd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-7657
ejabberd-2.0.2-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ejabberd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7637
ejabberd-2.0.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
ejabberd-2.0.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.