Authenticate Against SASL

Name: ejabberd_auth_sasl
Purpose: Allows authenticating against SASL
Author: axet
Type: Patch
Requirements: 1.1.2
Download: ejabberd_auth_sasl.diff

How to Apply the Patch

  1. Make sure you have the development files for SASL installed.

    • On Debian you must install the package libsasl2-dev.
  2. Go to the ejabberd source directory: ejabberd/src

  3. Download the patch to that directory

  4. Apply the patch:

    $ patch -p0 < ejabberd_auth_sasl.diff
    patching file
    patching file ejabberd.cfg.example
    patching file
    patching file sasl/ejabberd_auth_sasl.c
    patching file sasl/ejabberd_auth_sasl.erl
    patching file sasl/
    patching file aclocal.m4
  5. Regenerate 'configure':

    $ autoconf
  6. Execute 'configure':

    $ ./configure
    checking whether build sasl... yes
    config.status: creating sasl/Makefile
  7. Compile ejabberd:

    $ make
  8. Instruct ejabberd to use SASL authentication. To do that, edit ejabberd.cfg and modify the auth_mehtod depending on what you want to allow. For example:

    {auth_method, [sasl]}.
  9. Start ejabberd

Related Links

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Real SASL support?

Any chance that this module could find its way to becoming a real SASL module (as opposed to something that just calls libsasl2 to check passwords)? I actually want to be able to do GSSAPI, so I installed this, and was disappointed when I had to go read the code to find out that it doesn't actually implement SASL at all.


I'm implementing SASL GSSAPI support for ejabberd as a cyrsasl_gssapi module, which in turn uses esasl to authenticate the user instead of using the usual auth backends. I have already uploaded esasl as a patch to jungerl. Where should I upload the ejabberd module when it's ready?

Publish where you prefer

You can publish your contribution on the place you prefer: Bugzilla, blog, personal site, the forum, the mailing list...

Once the code is published, I add a page on Contributions and either link to the original file, or I upload it to this site.


The patches for GSSAPI support can be downloaded from:

They are compatible with SSO as implemented in Spark 2.5.3.

New configuration options:
{sasl_realm, "Kerberos realm"}.

The environment variable KRB5_KTNAME needs to be set before starting ejabberd.
It should contain the principal xmpp/FQDN, when FQDN is the fully qualified host name of the ejabberd server.

Nice! I've added a page to

Nice! I've added a page to describe your contribution: Authenticate Against SASL GSSAPI.

Feel free to edit that page and improve the text, fix links... :)

Syndicate content