
XMPP Cleartext Authentication

Openfire 4.1

Spark 2.8.0

I am using LDAP authentication to bring in users and groups from my Active Directory. I’ve just had a Nessus scan and I have a finding:

"The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear."

The proposed solution:

Disable cleartext authentication mechanisms in the XMPP configuration.

However, I’ve read in another posting that doing so will kill my LDAP authentication with Active Directory. Is this true, and if so, do you have any suggestions how I bring the install ‘compliant’ and still use AD as my source and authenticator?



Anyone have any solutions for this please?

See XMPP Cleartext authentication detected as security issue
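
To see what a finding like the one quoted above refers to on your own server, the following added example (not part of the original thread and not Openfire or Nessus code) parses an XMPP `<stream:features/>` stanza and reports which advertised SASL mechanisms carry the password itself, and whether they are offered before the stream is encrypted. The function name `audit_features`, the `CLEARTEXT` set and both sample stanzas are assumptions constructed for illustration; the namespaces are those of RFC 6120.

```python
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
# Mechanisms that transmit the password itself (PLAIN per RFC 4616; LOGIN is a
# non-standard equivalent). Assumption: this is the set you treat as cleartext.
CLEARTEXT = {"PLAIN", "LOGIN"}

def audit_features(features_xml, tls_active):
    """Classify the SASL mechanisms advertised in one <stream:features/>."""
    root = ET.fromstring(features_xml)
    mechs = [m.text.strip() for m in root.iter("{%s}mechanism" % SASL_NS) if m.text]
    starttls = root.find("{%s}starttls" % TLS_NS)
    tls_required = (starttls is not None
                    and starttls.find("{%s}required" % TLS_NS) is not None)
    cleartext = sorted(m for m in mechs if m.upper() in CLEARTEXT)
    return {
        "mechanisms": mechs,
        "cleartext": cleartext,
        "starttls_offered": starttls is not None,
        "starttls_required": tls_required,
        # Password-bearing mechanism advertised on an unencrypted stream.
        "exposed": bool(cleartext) and not tls_active,
    }

# Constructed sample input, not captured from any real server.
PRE_TLS = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed: the features a server might send after TLS has been negotiated.
POST_TLS = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

if __name__ == "__main__":
    for label, stanza, tls in (("before TLS", PRE_TLS, False),
                               ("after TLS", POST_TLS, True)):
        print(label, audit_features(stanza, tls))
```
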