powered by Jive Software

Restricting access to web interface and PAM authentication

Hello everyone,

I have recently discovered openfire, and I must say I’m very impressed.

After jabberd1, jabberd2 and ejabberd Installing and configuring openfire seemed as simple as typing go!


However I have two questions I’d like to ask.


how do I restrict access to the web interface?

I have disabled the port 9090 unencrypted interface. that was simple.

I now have the 9091 encrypted interface working.

what I really want however is that the openfire web interface only listens on

how can I do this?

Secondly, I’d like to have all system users automatically be able to use openfire and I’d like to authenticate against system passwords (PAM).

I have found a few post on this topic, but they all seem to invole


and I’m on an AMD64 System.

any answers are much appreciated.

thank you,


you can block acess with a firewall

That is quite plainly the WRONG way to do it.

I’m sorry but one has to be able to tell the programme only to listen on a certain interface.

A Firewall should only be extra protection. Every other server daemon can be set to a certain IP only. I can’t believe that Openfire cannot.



I didnt said that this is the only right solution. Though i dont see anything that wrong in it. Maybe these threads can give more info:

Just add this in your conf/openfire.xml

Thank you aznidin.

That worked well.

and apologies to wroot, I didn’t mean to sound cranky. It’s just that this happens all the time when I try to restrict a service to a sertain ip.

My server is secure and I have no firewall

Of course a firewall is a good thing but many people have forgotten that you should be able to go without. it’s an added filter.

thank you both,


PS any idea on PAM on AMD64?

We have given up on PAM and created a seperate user database for jabber.

As far as I’m concerned, I hereby close this thread.

thank you all,


I’ve had no experience seting up openfire for PAM, so I can’t help you much. Sorry to hear that you have to give up. You’ve probably gone through the “More Like This” section on the right side of this thread page but found no answers. Perhaps you want to watch this thread for a few more days in case someone else could suggest a solution.