Hardware Authentication

Hello,

I wanted to know if there is a mechanism to enable hardware authentication with ejabberd.

I am running xmpp on an embedded hardware device and communicating with an ejabberd server. I only want to allow these devices to be able to establish a connection with the ejabberd. Is there a security mechanism within ejabberd that enables communication with only these "valid" devices?

Please let me know if there is a way to do this with ejabberd. Thank you.

Best regards,

Nadeem

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

ejabberd doesn't implement a

ejabberd doesn't implement a client-machine verification. Here are some alternative ideas.

The XMPP client logins to ejabberd:
1. in the standard port number 5222
2. using the standard XMPP authentication mechanism
3. providing a valid username
4. providing a valid server name
5. providing the valid password.

You can make login more complicated by:
1. move the ejabberd_c2s listener to a not standard port, like 2555
2. implement a custom auth mechanism both in ejabberd and in your clients
3. you can register a few accounts, tell the devices what account to use, and disable account registration in ejabberd
4. you can configure ejabberd to have {hosts, ["server123"]}. and then configure in the devices that server123 is associated to the IP address of the server machine.
5. implement a custom password verification system, where the passwords must be dynamically calculated both in ejabberd and the client machines, so only your devices are capable of providing a valid password.

The easier to do is 1, 3, and 4.

Syndicate content