A few days ago I decided that I want to run my own XMPP (jabber) server. Since I don't want to have another user database I searched for a solution to reuse my current e-mail database.
Luckily dovecot (my e-mail daemon) already supports this. Dovecot has a feature called SASL which allows other software to ask dovecot if a given user name and password is valid.
I first tried ejabberd (Community). Ejabberd does not support dovecot SASL by itself, but there are external scripts to authenticate users. There is also already a Perl script which uses dovecot, but it didn't work so well for me (From the current point of view: I didn't try hard enough).
So instead I decided to use a Python script which uses a MySQL backend. True, now I didn't use dovecot :(, but since dovecot itself uses a MySQL database to store all users, I still had the central user storage. I had to change quite a bit till the script worked; but still, it crashed quite often.
An additional problem was that if the script crashes, the next authentication will fail and ejabberd logs the user's password! (regardless of the log level) The user will see a wrong password message (even if the password is correct), and then ejabberd restarts the script.
Well, that seems wrong and so I decided to try a different XMPP server.
The setup worked quite well; the only problem was that dovecot SASL always denied the authentication. It needed quite some code digging and "discussions" (telnet) with the dovecot SASL to isolate the problem:
According to the dovecot authentication protocol, a user should ask for authentication by sending the following request:
AUTH <id> PLAIN service=<service> resp=<base64>
id is just an identifier,
service is the service requesting authentication and
base64 the encoded username and password.
Now looking at the output from
AUTH 1 PLAIN service=xmpp resp=AFRoaXNJc1RvdGFsbHlNeUVtYWlsQWRkcmVzc0FuZFBhc3N3b3Jk
Well, everything looks fine; the problem is, my dovecot configuration denies the authentication for unknown services. Sadly I didn't find out how to accept the xmpp service (If you know this, please let me know it).
So instead I modified mod_auth_dovecot to output imap as service instead of
This should not have any side effects because the request is only for authentication and nothing else.
So the service which does the request doesn't matter.
Right now I use prosody with my 2 character modification and it works quite well. I know it's not the best way, but the easiest.
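The AUTH request described above carries the password in resp as plain base64, so any log line that includes the raw request exposes it. The following Python sketch is an added example, not code from this post, Prosody or Dovecot: it parses a request in the format shown, decodes the PLAIN response and builds a log-safe copy. The function names and the alice@example.org credentials are constructed for illustration.

```python
import base64

REDACTED = "<redacted>"

def parse_auth(line):
    """Split 'AUTH <id> <mech> key=value ...' into its parts."""
    fields = line.split()  # any whitespace separates fields
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request")
    # Split on the first '=' only: base64 padding may add more '=' characters.
    params = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
    return {"id": fields[1], "mech": fields[2], "params": params}

def decode_plain(resp):
    """Decode a SASL PLAIN response: authzid NUL authcid NUL password (RFC 4616)."""
    raw = base64.b64decode(resp, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response: expected 3 NUL-separated fields")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password

def redact(line):
    """Return the request with the resp value replaced, safe to write to a log."""
    out = []
    for field in line.split():
        out.append("resp=" + REDACTED if field.startswith("resp=") else field)
    return " ".join(out)

def sample_line():
    # Constructed sample credentials, not taken from the post.
    resp = base64.b64encode(b"\0alice@example.org\0s3cret").decode("ascii")
    return "AUTH 1 PLAIN service=xmpp resp=" + resp

if __name__ == "__main__":
    line = sample_line()
    req = parse_auth(line)
    print(req["params"]["service"], decode_plain(req["params"]["resp"]))
    print(redact(line))
```

The placeholder resp value printed in the post decodes to a single NUL followed by text, so decode_plain rejects it as malformed rather than guessing where the user name ends.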
XMPP-Logo: Licensed under MIT