We want XMPP, so now we are experimenting with various servers running in alpha on Hephaestus. Service will be up and down as various configurations are tried.

this service is still in alpha, but will hopefully spin up to something awesome (possibly beta!).

jabberd2

next test!

ejabberd

this is my working, but not kerberized, version of ejabberd.

pros and cons versus other jabber setups

pros

• WORKS!
• fast, easy to configure
• SSL secure at all times, including auth

cons

• no kerberos support that I could get working
• erlang is REALLY ornery about syntax, and screwing up a single comma can spawn a process you have to kill manually

configuration

ejabberd is powered on erlang. it has a single configuration file /etc/ejabberd/ejabberd.cfg along with a cert in the same folder.

it uses PAM to authenticate.

use "# ejabberdctl" to get various information out of the server.

there is a nice web interface at https://hephaestus.ugcs.caltech.edu:5282 (it is secure) in which you can configure all sorts of convenient options.

ejabberd.cfg

be really careful when editing this file. forgetting things like commas makes erlang shit bricks. if you cannot start a process after editing the file, or you can't connect to the server/web interface, there's probably another process running in the background. use "ps ax | grep -iE "(ejabberd|beam)"" so you can kill -9 it.

there's some really helpful information in the file about how erlang processes lists and strings so you don't screw up the interpreter.

improvements

• the user database should be moved into its own postgre database when we permanently install the service.
• fix the SSL cert
• allow chatrooms
• the acl security settings need to be very carefully considered.
• there are various things we can monitor, both remotely and by wgeting the website statistics locally.
• single-file configuration is very easy to move to cfengine, so this will be rolled out using such.
• AIM/ICQ/IRC/GTalk transports
• assign xmpp.ugcs.caltech.edu CNAME
• user-configured ejabberd vhosts - through remctl

gssapi?

http://www.ejabberd.im/cyrsasl_gssapi describes how to recompile the software (which I have tried to do) with SASL support built in. it appears not to work, but that could be other configuration options. people on the website report having this work for them.

both Openfire and jabberd2 report having Kerberos support, yet I could not get former to work. the latter is still open to tries, I may attempt it at some point.

using pidgin

• Username: <ugcs username>
• Domain: ugcs.caltech.edu
• Login server: hephaestus.ugcs.caltech.edu
• Require SSL/TLS: yes
• login port: 5222