Web admin console security

Hi,

I'd like to know if there is a way to only allow SSL connections to the web admin console.

Also, as a way to improve security, I'd like to have an option to ban an IP that, in a configured number of tries (3 or less), wrongly guesses the password, to prevent someone from hammering the login box, because this can be accessed from anywhere in the world…

Thanks

I think there is an option to force SSL-only connections to the AC.

About hammering… I've just set up my firewall so connections to the Admin Console are accepted only from two IPs in combination with MAC addresses. Secure enough, I think.

Sometimes I mistype the password 3 times, and only after this do I notice that the wrong input locale is selected :D

Well… the idea of having a web admin console is to provide worldwide access, right?

I can admin the jive anywhere in the world, and having all the IPs where I am or could be doesn't sound very… practicable…

The firewall solution sounds more like a workaround than a solution itself.

I think it would be nice to have such a protection on the admin console. Also, another thing that comes to my mind…

Can we change the “admin” user to something else? That would add another level of security…

Thanks

Can we change the “admin” user to something else?

That would add another level of security…

Thanks

Yep, this is set in the XML configuration file. You can enter in the list of users allowed to log into the admin console.

Regards,

Matt

And the password for the new user is configured where?

Thanks

Well, I must agree with you :) Though I'm using the AC only from one PC, because it's convenient, and you don't have to be physically sitting in front of the server :) And you don't have to put any graphical environments or browser on the server. So, the firewall is good for me, for now :)

So, maybe the devs could add some Security tab to the Admin Console, so anyone will be able to control such options as password input tries, banning/unbanning IPs, setting the Admin Console logout timeout, setting admins, etc. Could it be convenient to have all this in one place? Or maybe it should be editable only in the config file, if talking about security?

Well, what is the password, or where do we set up the alternate user, in case we disable the admin user?

Do you plan to have security for the admin console like I described?

Thanks

Hey jcorreia,

In the jive-messenger.xml file you can define/change the property adminConsole.authorizedUsernames to include the names of the users allowed to log into the admin console. The configuration file has a comment explaining how to use this property.

Take into consideration that the usernames should be existing users in the server (i.e. users that may log into the server using any XMPP client). And the password to use for logging into the admin console is the same password that the user would use from the XMPP client.

FYI, one of our ideas regarding the admin console is to add ACL support.

Regards,

– Gato
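
Added example, not part of the thread or of the project's own code: a small Python check of the adminConsole.authorizedUsernames property described in the reply above. The XML nesting, the comma-separated value format, the sample usernames and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumed layout: the dotted property name maps to nested
# elements under the root, and the value is a comma-separated list.
SAMPLE_CONFIG = """<jive>
  <adminConsole>
    <authorizedUsernames>jcorreia, opsadmin, admin</authorizedUsernames>
  </adminConsole>
</jive>"""

def authorized_usernames(xml_text):
    """Return the names in adminConsole.authorizedUsernames, or [] if unset."""
    node = ET.fromstring(xml_text).find("adminConsole/authorizedUsernames")
    if node is None or not (node.text or "").strip():
        return []
    return [name.strip().lower() for name in node.text.split(",") if name.strip()]

def audit(xml_text, existing_users):
    """Return (finding, username) pairs for a config and a set of server accounts."""
    known = {u.lower() for u in existing_users}
    names = authorized_usernames(xml_text)
    if not names:
        # No explicit list: whatever the server's default is applies.
        return [("property-unset", None)]
    findings = []
    for name in names:
        # The reply notes that listed names must be existing server users.
        if name not in known:
            findings.append(("no-such-account", name))
        # The well-known default name is the one the thread wants to replace.
        if name == "admin":
            findings.append(("default-name-still-listed", name))
    return findings

if __name__ == "__main__":
    for finding, user in audit(SAMPLE_CONFIG, {"jcorreia", "admin"}):
        print(f"{finding}: {user}")
```
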

Thanks