#930 Documentation improvements for Cyrus SASL GSSAPI

Reporter Matthieu
Owner Nobody
Created
Updated
Stars ★ (1)  
Tags
  • Status-New
  • Type-Enhancement
  • Priority-Medium
  • Component-Docs
  1. Matthieu on

    What steps will reproduce the problem?
    1. read the doc https://prosody.im/doc/cyrus_sasl

    What is the expected output? What do you see instead?
    A bit more doc

    What version of the product are you using? On what operating system?
    0.9.12 on Ubuntu 16.04

    Please provide any additional information below.
    When using the GSSAPI authentication method:

    * on the Kerberos KDC server, create a principal "xmpp/host_fqdn@EXAMPLE.COM" (host_fqdn must be the reverse DNS of your XMPP server, not its virtualhost name)
    * create a keytab with "xmpp/host_fqdn@EXAMPLE.COM" in, say, /etc/prosody/im.example.com.keytab that is readable only by prosody
    * in /etc/prosody/prosody.cfg.lua : set cyrus_service_realm to im.example.com and cyrus_server_fqdn to host_fqdn (the reverse DNS of your XMPP server)
    * in /etc/sasl/prosody.conf or /etc/sasl2/prosody.conf (more exactly, /etc/sasl/$cyrus_service_name.conf), put:

          pwcheck_method: saslauthd
          mech_list: GSSAPI
          keytab: /etc/prosody/im.example.com.keytab

    * its location does not seem to depend on the distribution (even in Ubuntu, for example, Prosody searches for both /etc/sasl/prosody.conf and /etc/sasl2/prosody.conf).
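An added example, not part of the comment above and not code from Prosody or Cyrus SASL: a Python check for the setup described there. It parses the `key: value` SASL config, confirms GSSAPI is offered, that the principal has the form xmpp/host_fqdn@REALM with the host equal to cyrus_server_fqdn, and that the keytab grants no group/other access. The function names and the sample host `host1.example.com` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def parse_sasl_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def audit_gssapi(conf_text, principal, server_fqdn, owner_uid=None, service="xmpp"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    opts = parse_sasl_conf(conf_text)
    if "GSSAPI" not in opts.get("mech_list", "").split():
        findings.append("mech_list does not include GSSAPI")
    # Principal must be <service>/<host_fqdn>@REALM, host equal to cyrus_server_fqdn.
    name, _, realm = principal.partition("@")
    svc, _, host = name.partition("/")
    if svc != service or not host or not realm:
        findings.append("principal is not of the form %s/host_fqdn@REALM" % service)
    elif host.lower() != server_fqdn.lower():
        findings.append("principal host differs from cyrus_server_fqdn")
    keytab = opts.get("keytab")
    if not keytab:
        return findings + ["no keytab option set"]
    try:
        st = os.stat(keytab)
    except OSError:
        return findings + ["cannot stat keytab: " + keytab]
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("keytab mode %o grants group/other access" % stat.S_IMODE(st.st_mode))
    if owner_uid is not None and st.st_uid != owner_uid:
        findings.append("keytab is not owned by uid %d" % owner_uid)
    return findings

if __name__ == "__main__":
    # Constructed sample: an empty stand-in keytab with an overly open mode.
    with tempfile.NamedTemporaryFile(suffix=".keytab") as kt:
        os.chmod(kt.name, 0o644)
        conf = "pwcheck_method: saslauthd\nmech_list: GSSAPI\nkeytab: %s\n" % kt.name
        for f in audit_gssapi(conf, "xmpp/host1.example.com@EXAMPLE.COM", "host1.example.com"):
            print("FINDING:", f)
```

Pass the uid of the prosody account as `owner_uid` to also check ownership of the keytab.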

  2. MattJ on

    Hi Matthieu,

    Thanks for the report to improve our documentation. Nobody on the Prosody has deployment experience with Cyrus SASL. Prosody's code largely just reuses Cyrus SASL for everything. For example, when you say "Prosody searches for both /etc/sasl/prosody.conf and /etc/sasl2/prosody.conf" it is actually Cyrus SASL doing this searching, not our code.

    It seems like you have some knowledge on the subject however! If you are willing to share, we'd gladly accept changes. The source file for this page is simple Markdown and you can find it here: https://hg.prosody.im/site/file/tip/doc/cyrus_sasl.md

    If you're unfamiliar with Mercurial and patches, that is no problem - you can just send a new copy of the file.

    Changes
    • title: SASL GSSAPI doc → Documentation improvements for Cyrus SASL GSSAPI
    • tags Component-Docs