powered by Jive Software

Authentication::Active Directory Vs. Linux PAM,JPAM,NIS, JRADIUS


I would like to know which direction Jive messenger is going when it comes to authentication. I know that Jive support LDAP but does it support Active Directory authentication? Jive does not have explicit support for PAM while there is JPAM through which one can use a lot of PAM authentication including NIS. There is also support FROM Jradius for Jive Messenger.

http://sourceforge.net/project/showfiles.php?group_id=125436&package_id=149466&r elease_id=319258

Since we don’‘t use radius server for our user authentication, I can’‘t use Jradius. First I am thinking of using jive with linux user data base, however I only have limited knowledge of coding. I have to look for the other option. Then I find some thread asking Active Directoy issue (which I thought has better support than Linux’'s Pam because Jive truly support LDAP). We are also planning to migrate to Active directory.

So my request would be:

Could you please tell me where is Jive Heading in terms of Active Directory and Linux’'s PAM?

Where can I read more about Jive and Active Directory?

Does Jive’'s support for LDAP mean that Jive will support Active Directory?

I would really appreciate if someone can answer me before tomorrow(8-10-05) 12:00pm Pacific time because at that time I will be in IT meeting where I plan to talk a bit about how my project on Instant Messaging with Jive is going. I also welcome all suggestions which I cannot bring into the meeting.



JM supports LDAP authentication and pulling user and group information from LDAP. LDAP is built into Windows 2000/2003 as a way to access data in Active Directory. So while JM doesn’'t support Active directory Directly, it does indirectly through LDAP

JM doesn’'t currently have any support for PAM authentication.

There is a PAM authentication module for LDAP. And I think there are ways to migrate from the linux user database into an LDAP server. So you could migrate into an all LDAP authentication system without migrating to Active Directory.



It would be relatively easy to introduce PAM support to Jive Messenger using JPam.

The AuthProvider interface authenticate method maps directly to JPams Pam class authenicate method.

You would have to register your PAMAuthProvider by changing the JM property “provider.auth.className” to your PAMAuthProvider class.

The rest is JPam configuration.

Hope that helps,


I’'m hoping to get PAM support in place for 2.2.1. Please see JM-201 and be sure to vote for it.




I already have voted it long ago.



I have been instructed to go with LDAP and Active Directory. However I still wants the developer to work on JPAM. One of the reason for not linking with Linux Account is the security issue of Jive Messenger keeping the password in plain text.

Otherwise I would be glad to go with the Open Source software. I have posted a new thread for that issue.



There is built-in support for PAM authentication in the FreeRADIUS server. You can easily use that in conjuntion with the Jive JRadius client to authenticate against PAM.

Hope this helps…


That is what we’'re doing right now, and it works quite well actually. However, it does create a dependency on RADIUS, which is unneeded through the rest of out network.

I for one will be happy when PAM is directly supported and we can kick RADIUS out the door.