Aron1
August 19, 2007, 1:05pm
1
Hello everyone,
I have recently discovered openfire, and I must say I’m very impressed.
After jabberd1, jabberd2 and ejabberd Installing and configuring openfire seemed as simple as typing go!
congrats!
However I have two questions I’d like to ask.
firstly:
how do I restrict access to the web interface?
I have disabled the port 9090 unencrypted interface. that was simple.
I now have the 9091 encrypted interface working.
what I really want however is that the openfire web interface only listens on 127.0.0.1
how can I do this?
Secondly, I’d like to have all system users automatically be able to use openfire and I’d like to authenticate against system passwords (PAM).
I have found a few post on this topic, but they all seem to invole
resources/nativeAuth/linux-i386/libshaj.so
and I’m on an AMD64 System.
any answers are much appreciated.
thank you,
Aron
wroot
August 19, 2007, 6:38pm
2
you can block acess with a firewall
Aron1
August 21, 2007, 9:22am
3
That is quite plainly the WRONG way to do it.
I’m sorry but one has to be able to tell the programme only to listen on a certain interface.
A Firewall should only be extra protection. Every other server daemon can be set to a certain IP only. I can’t believe that Openfire cannot.
sorry
aleph0
wroot
August 21, 2007, 5:32pm
4
I didnt said that this is the only right solution. Though i dont see anything that wrong in it. Maybe these threads can give more info:
It is sometime useful to “secure” the admin interface, for example, having the XMPP service to bind to a public IP address, and the admin interface to bind only to localhost, or to an intranet address. I use this to proxy-pass the admin console...
I know how to bind the client ports, however I’'d like to know how to bind the admin console as well as the server ports / component ports. I have tried with adminConsole.interface, it did not work. /etc/hosts has the server name pointed to the...
Just add this in your conf/openfire.xml
Aron1
August 21, 2007, 6:23pm
6
Thank you aznidin.
That worked well.
and apologies to wroot, I didn’t mean to sound cranky. It’s just that this happens all the time when I try to restrict a service to a sertain ip.
My server is secure and I have no firewall
Of course a firewall is a good thing but many people have forgotten that you should be able to go without. it’s an added filter.
thank you both,
aleph0
PS any idea on PAM on AMD64?
Aron1
August 23, 2007, 1:30pm
7
We have given up on PAM and created a seperate user database for jabber.
As far as I’m concerned, I hereby close this thread.
thank you all,
aleph0
I’ve had no experience seting up openfire for PAM, so I can’t help you much. Sorry to hear that you have to give up. You’ve probably gone through the “More Like This” section on the right side of this thread page but found no answers. Perhaps you want to watch this thread for a few more days in case someone else could suggest a solution.