Important: PAM authentication is included in ejabberd 2.0.0 and newer
Name: check_pam Purpose: Authenticate Against PAM with Python Author: Goedson Teixeira Paixao Type: Script Requirements: ejabberd 1.1.4 or older Download: ejabberd_pam_authentication.py, backup: ejabberd_pam_authentication.py
Don't forget to install the Python PAM library in your system.
Related Links
- Original publication: Ejabberd no Sarge usando PAM para autenticar
This script is broken
This script is broken at line 99:
(operation, user, host, password) = data.split(':')
The problem is that we do not know at this point if the operation is going to be auth or isuser. In the auth case, this is correct, but in the isuser case this will throw an exception that will confuse epmd and break authentication until a restart. The way to test this is simple: send a message to an offline user while this extauth is loaded, and you will expose this bug.
In my own heavily hacked-up offshoot of this script, I used an ugly try/except block to split on only operation,user,host if the above fails. Probably the best way is to split into a list, check list[0] for the operation, and give names only once you're inside the if/else block checking operation.
Re: The script is broken
If you're using python 2.4, you can test for the command first using
(operation,moredata)=data.split(':',1)
then in the check for auth
(user,host,password)=moredata.split(':')
and in the check for isuser
(user,host) = moredata.spllit(':')
Note: code is not tested.
When sending offline
When sending offline messages , users can no longer login and it hangs while trying to connect...