Thursday, November 12, 2009

Jabber - an open source instant messaging

Jabber is an open instant messaging technology that anyone can use.

Jabber Server Setup on CentOS 5

Configuring and Installing jabber server

Install rpmforge repo

rpm -Uhv

Install necessary packages

yum -y install gcc-c++ vim-enhanced mysql-server mysql gcc mysql-devel libidn-devel make automake libtool tcpdump rsync crontabs vixie-cron php-mysql cyrus-sasl-devel expat-devel udns-devel

Install gsasl

cd /usr/src/
tar xvfz libgsasl-0.2.26.tar.gz
sudo make install

Add gsasl library ‘/usr/local/lib’ to

echo "/usr/local/lib" >> /etc/

Create Jabber User and Group

useradd jabber
passwd jabber

Getting Jabber Server


Uncompress sources

tar xvfj jabberd-2.2.0.tar.bz2


cd jabberd-2.2.0
./configure --prefix=/opt/jabber --enable-mysql --enable-ssl --enable-ldap --with-sasl=gsasl --enable-debug
sudo make install

mysql -u root -p < tools/db-setup.mysql
mysql -u root -p
GRANT select,insert,delete,update ON jabberd2.* to jabberd2 at localhost IDENTIFIED by 'jtest';

Add Jabberd2 library to

echo "/opt/jabber/lib/jabberd" >> /etc/

Customizing the jabberd server install

To customize the server, we first need to change to the jabberd directory by running the following command: cd /opt/jabber/etc/. Then we want to edit the sm.xml file so we follow the following steps as root:

• Open sm.xml in your favorite text editor
• Change the ID on the network from localhost to jabber.chatur.test (Make sure that jabber.chatur.test resolves)
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Scroll down to the User Options and uncomment the <auto-create/> tag. This allows users that are not registered on the server to register themselves.
• If you want to have a predefined userlist to populate all new users, scroll to the the end of the file and uncomment <roster>/opt/jabber/etc/templates/roster.xml</roster>. We will cover the contents of the roster.xml in a few minutes.

Once we are done editing, save sm.xml and exit the editor. Now we need to customize c2s.xml, so follow these steps as root:

• Open c2s.xml in your favorite text editor
• Scroll to the 'Local network configuration' section and change the <id> from localhost to jabber.chatur.test
• In order to able to login though Mac OS X iChat client, change the authentication mechanism under ‘sasl’ first comment out ‘digest-md5’ from <digest-md5 /> to <-- <digest-md5 /> --> and add ‘cram-md5’ instead <cram-md5 />
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Save and exit

This completes the configuration of the jabberd server. This gives us a basic jabber server that allows users to register themselves and chat with each other. However, if we want to have the ability to create chat rooms, we need to install some additional software called mu-conference. We will cover the installation of mu-conference momentarily.

Creating a default buddy list for new users

jabberd gives us the ability to create a template buddy list so that each new user has a default buddy list. This is very useful in environments where the administrator wants to make sure each user has all the important people in their buddy list without spending a lot of time adding each user manually.

The template file is located in the templates subdirectory and is called roster.xml. The file has the following format:

<query xmlns=’jabber:iq:roster’>
<item name=’Buddy Name’ jid=’JID@Host.domain’ subscription=’both’>

To add new users we need to uncomment the <item name> tag and add a new line for each user. For example if you wanted to add me to the default roster and my JID (Jabber ID) was chatur@jabber.chatur.test the entry for my name would look like this:

<item name='chatur' jid='chatur@jabber.chatur.test' subscription='both'>

The group field tells the client the group under which the entry is supposed to be stored. In this case chatur is being stored under the Support group. All entries need to be enclosed within the <query> </query> tag, so the complete file with one user would look something like:

<query xmlns=’jabber:iq:roster’>
<item name=’chatur’ jid=’chatur@jabber.chatur.test’ subscription=’both’>

Generating a Self-Signed SSL Certificate

Important: Key Is Self-Signed The key generated by the instructions below is self-signed. Such a key is not part of a trust hierarchy. When used to secure communications with Jabber clients, a self-signed key will usually cause warnings to appear because its authenticity cannot be verified against a trusted key.

Generate Key Pair

From a working directory, enter the command below to begin an interactive key generation process:

openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem

You will be prompted for a passphrase for the private key. After entering and confirming your passphrase, you will be prompted for public information about your key.

Note: Common Name Note that you should enter your domain name as the Common Name for your certificate.

Note: Key Lifetime Note that the command above creates a key with a 3650 day (10 year lifetime). To change the key lifetime, use a different number of days for the -days parameter.

Remove Passphrase

Enter this command to remove the passphrase from your private key:

openssl rsa -in privkey.pem -out privkey.pem

Combine the Private and Public Key

Enter this command to combine the private and public keys into a single file:

cat privkey.pem >> server.pem

Delete Private Key

You should now delete your private key:

rm privkey.pem

Move Key and Set Permissions

You can now move your key to its permanent location. For example, to move the key to the default Jabberd pemfile location, you would enter this command (as superuser):

mv server.pem /opt/jabber/etc/server.pem

Then, you should set permissions on this file so that it is owned by superuser and is readonly (as superuser):

chown root:jabber /opt/jabber/etc/server.pem
chmod 640 /opt/jabber/etc/server.pem

Your certificate is now ready for use by Jabberd. You should make a backup (such as to a floppy) of your certificate.