Private Key/Public Key Authentication Schemes with Openfire

Hi all,

Does anyone have experience implementing public key authentication for logins in Openfire? I would like for this to happen when a user attempts to log on:

Log on with Openfire username + password (if necessary) but authenticate with RSA or some other public-private key pair. (Something akin to SSH security.)

Basically, we want a given Openfire user to be tied to a specific machine. If there are alternatives with Openfire, please feel free to suggest them!



Openfire supports the EXTERNAL authentication method in SASL, which does verification via SSL certificate (which is PubKey Auth akin to ssh). PKI is a very popular authentication scheme, so there are lots of products out there that work with it. Spark also has support for this, though it is not well documented. In terms of tying an account to a machine, well, that can only be done as well as you can tie down certain files to a machine.
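
The SASL EXTERNAL exchange mentioned in the reply above, as an added example that is not part of the original thread and is not Openfire's code: a simplified Python model of the client's `<auth/>` element (encoding per RFC 6120) and of the server's mapping from a verified client certificate to an account. The function names, the sample JIDs and the account-selection rule are assumptions for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

def build_external_auth(authzid=""):
    """Client side: <auth/> for SASL EXTERNAL. No password is sent; the
    identity comes from the TLS client certificate. An empty authorization
    identity is transmitted as a single '=' (RFC 6120)."""
    payload = base64.b64encode(authzid.encode()).decode() if authzid else "="
    return f"<auth xmlns='{SASL_NS}' mechanism='EXTERNAL'>{payload}</auth>"

def authorize(cert_verified, cert_jids, auth_xml):
    """Server side (simplified, hypothetical helper).
    cert_verified: outcome of TLS chain validation, performed elsewhere.
    cert_jids: bare JIDs read from the client certificate.
    Returns the account to log in, or None (server answers <failure/>).
    JID normalization is omitted; a real server normalizes before comparing."""
    el = ET.fromstring(auth_xml)
    if el.tag != f"{{{SASL_NS}}}auth" or el.get("mechanism") != "EXTERNAL":
        return None
    if not cert_verified:
        return None  # untrusted or expired certificate: never map to a user
    text = (el.text or "").strip()
    try:
        authzid = "" if text in ("", "=") else base64.b64decode(text, validate=True).decode()
    except ValueError:
        return None  # malformed base64 or non-UTF-8 identity
    if authzid:
        # A requested identity must be one the certificate actually carries.
        return authzid if authzid in cert_jids else None
    # No identity requested: only unambiguous when the cert names one JID.
    return cert_jids[0] if len(cert_jids) == 1 else None

if __name__ == "__main__":
    # Constructed sample identities, not taken from the thread.
    cert = ["alice@example.org"]
    print(build_external_auth())
    print(authorize(True, cert, build_external_auth()))                   # alice
    print(authorize(True, cert, build_external_auth("bob@example.org")))  # None
```

The check binds the login to whoever holds the certificate's private key, so the account is tied to a machine only to the extent that the key file cannot be copied off it.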