Robert Norris wrote:
I'll read that as: Use the one built in the standered, not SASL as it is not in any clients. So I ask, Anyone know how to interface with SASL password files? I am guessing they are based on Unix Password Files.1) Can the User Registration that is built into SASL be used to join a Jabber Server or must the Jabber Registration system (as stated in http://www.jabber.org/protocol/registration.html ) be used? I ask because SASL has built in registration and authentication, and I am unsure how to tap into the SASL password files.
This hasn't really been discussed in any detail. I would suggest joining the XMPP working group and bringing this question up there: http://www.jabber.org/cgi-bin/mailman/listinfo/xmppwg/
2) How felxable should a server be in the order of receved elements? Should a server be hard line on receving elements in the order listed, or should it be more open in the ordering, so long as all required elements are there?
I'm not sure what you mean by this. Can you provide an example?
<message to='receve-id' from='send-id'> fexable - Accept this code hard line - elements not in correct order, dump line.
Well, not for everyone, but all server and clients that support SASL must use it with a minimum level of encription. And then make sure that EVERYONE starts including SASL. It is very easy to include IFF (if and only if) you use the cyrus SASL code relesed by Carnegie Mellon University.3) Has anyone else thought that all servers should require SASL encription level of at least 40 (read 40 bit encription), and that with this there should be an addition to Jabber:Server:DialBack and SASL so that Server to server comunications are encripted, because what is the good of a message that is only encripted some of the time.
For backwards compatibility reasons, its not possible to enforce the use of SASL (and I doubt it ever will be). For guaranteed end-to-end security, its necessary to encrypt individual packets using GPG (or similar). The XMPP working group are actively pursuing these issues. I suggest you subscribe to the list and get involved :) Rob.
Matt
SyOpReigm
http://www.Reigm.Com
http://sourceforge.net/projects/rjserver/
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
