Mercurial > prosody-modules
view mod_s2s_auth_fingerprint/README.markdown @ 5170:4d6af8950016
mod_muc_moderation: Derive role from reserved nickname if occupant
When using a different client to moderate than the one used to
participate in the chat, e.g. a command line tool like clix, there's no
occupant and no role to use in the permission check. Previously the
default role based on affiliation was used. Now if you are present in
the room using your reserved nick, the role you have there is used in
the permission check instead of the default affiliation-derived role.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 19 Feb 2023 18:17:37 +0100 |
| parents | 8de50be756e5 |
| children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' - 'Type-S2SAuth' summary: Fingerprint based s2s authentication ... Introduction ============ This module allows you to manually pin certificate fingerprints of remote servers. Details ======= Servers not listed in the configuration are not affected. Configuration ============= After installing and enabling this module, you can put fingerprints of remote servers in your config like this: ``` {.lua} s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" s2s_trusted_fingerprints = { ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; ["matthewwild.co.uk"] = { "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; }; } -- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too s2s_secure_domains = { "jabber.org"; } ``` Compatibility ============= ------- -------------- trunk Works 0.9 Works 0.8 Doesn't work ------- --------------