Mercurial > prosody-wiki
annotate mod_s2s_auth_fingerprint.wiki @ 511:9cf5a22e30a1
allow_unencrypted_plain_auth is not required
author | MWild1@gmail.com |
---|---|
date | Fri, 03 Apr 2015 00:57:11 +0000 |
parents | 171663daa144 |
children |
rev | line source |
---|---|
330 | 1 #summary Fingerprint based s2s authentication |
414 | 2 #labels Stage-Alpha, Type-S2SAuth |
330 | 3 |
4 = Introduction = | |
5 | |
451
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
6 This module allows you to manually pin certificate fingerprints of remote servers. |
399
c35cf2a46b78
mod_s2s_auth_fingerprint: Describe cert pinning mode
Kim Alvefur <zash@zash.se>
parents:
363
diff
changeset
|
7 |
c35cf2a46b78
mod_s2s_auth_fingerprint: Describe cert pinning mode
Kim Alvefur <zash@zash.se>
parents:
363
diff
changeset
|
8 = Details = |
c35cf2a46b78
mod_s2s_auth_fingerprint: Describe cert pinning mode
Kim Alvefur <zash@zash.se>
parents:
363
diff
changeset
|
9 |
c35cf2a46b78
mod_s2s_auth_fingerprint: Describe cert pinning mode
Kim Alvefur <zash@zash.se>
parents:
363
diff
changeset
|
10 Servers not listed in the configuration are not affected. |
330 | 11 |
12 = Configuration = | |
13 | |
419
fdff0de712a7
mod_s2s_auth_fingerprint: Describe how to change the digest. (thanks hardfalcon)
Kim Alvefur <zash@zash.se>
parents:
414
diff
changeset
|
14 After installing and enabling this module, you can put fingerprints of remote servers in your config like this: |
330 | 15 |
16 {{{ | |
419
fdff0de712a7
mod_s2s_auth_fingerprint: Describe how to change the digest. (thanks hardfalcon)
Kim Alvefur <zash@zash.se>
parents:
414
diff
changeset
|
17 s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" |
330 | 18 s2s_trusted_fingerprints = { |
363
4a39ef28e2d9
slight change and fix syntax error in example config
Kim Alvefur <zash@zash.se>
parents:
330
diff
changeset
|
19 ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; |
330 | 20 ["matthewwild.co.uk"] = { |
21 "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; | |
22 "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; | |
23 }; | |
24 } | |
451
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
25 |
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
26 -- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too |
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
27 s2s_secure_domains = { |
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
28 "jabber.org"; |
171663daa144
mod_s2s_auth_fingerprint: remove info about pinning, this is the default now
Kim Alvefur <zash@zash.se>
parents:
419
diff
changeset
|
29 } |
330 | 30 }}} |
31 | |
32 = Compatibility = | |
33 | |
34 ||trunk||Works|| | |
35 ||0.9||Works|| | |
399
c35cf2a46b78
mod_s2s_auth_fingerprint: Describe cert pinning mode
Kim Alvefur <zash@zash.se>
parents:
363
diff
changeset
|
36 ||0.8||Doesn't work|| |
330 | 37 |