We can currently log in to the HTTPS port via BOSH with any username and no password. If you provide a password, it seems to authenticate against the list of users OK (refusing a wrong password, accepting the correct password). If the user does not provide a password or provides a username not defined in the system, we want this to be refused. At the same time, we want to leave TCP port 5222 completely open so you can provide any username and not require a password.
The config file currently contains:
listen:
  -
    port: 5222
    module: ejabberd_c2s
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5280
    module: ejabberd_http
    web_admin: true
    http_poll: true
    http_bind: true
    captcha: true
    certfile: "/usr/local/ejabberd/ejabberd.pem"
    tls: true
host_config:
  <ipaddress>:
    auth_method:
      - internal
      - anonymous
    anonymous_protocol: both