Jabber is an open instant messaging technology that anyone can use.
Jabber Server Setup on CentOS 5
Configuring and Installing jabber server
Install rpmforge repo
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
Install necessary packages
yum -y install gcc-c++ vim-enhanced mysql-server mysql gcc mysql-devel libidn-devel make automake libtool tcpdump rsync crontabs vixie-cron php-mysql cyrus-sasl-devel expat-devel udns-devel
Install gsasl
cd /usr/src/
wget ftp://alpha.gnu.org/pub/gnu/gsasl/libgsasl-0.2.29.tar.gz
tar xvfz libgsasl-0.2.26.tar.gz
./configure
make
sudo make install
Add gsasl library ‘/usr/local/lib’ to ld.so.conf
echo "/usr/local/lib" >> /etc/ld.so.conf.d/usr-local-lib.conf
ldconfig
Create Jabber User and Group
su
useradd jabber
passwd jabber
Getting Jabber Server
wget http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.2.0.tar.bz2
Uncompress sources
tar xvfj jabberd-2.2.0.tar.bz2
Configure
cd jabberd-2.2.0
./configure --prefix=/opt/jabber --enable-mysql --enable-ssl --enable-ldap --with-sasl=gsasl --enable-debug
make
sudo make install
mysql -u root -p < tools/db-setup.mysql
mysql -u root -p
GRANT select,insert,delete,update ON jabberd2.* to jabberd2 at localhost IDENTIFIED by 'jtest';
Add Jabberd2 library to ld.so.conf
echo "/opt/jabber/lib/jabberd" >> /etc/ld.so.conf.d/jabberd2.conf
ldconfig
Customizing the jabberd server install
To customize the server, we first need to change to the jabberd directory by running the following command: cd /opt/jabber/etc/. Then we want to edit the sm.xml file so we follow the following steps as root:
• Open sm.xml in your favorite text editor
• Change the ID on the network from localhost to jabber.chatur.test (Make sure that jabber.chatur.test resolves)
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Scroll down to the User Options and uncomment the <auto-create/> tag. This allows users that are not registered on the server to register themselves.
• If you want to have a predefined userlist to populate all new users, scroll to the the end of the file and uncomment <roster>/opt/jabber/etc/templates/roster.xml</roster>. We will cover the contents of the roster.xml in a few minutes.
Once we are done editing, save sm.xml and exit the editor. Now we need to customize c2s.xml, so follow these steps as root:
• Open c2s.xml in your favorite text editor
• Scroll to the 'Local network configuration' section and change the <id> from localhost to jabber.chatur.test
• In order to able to login though Mac OS X iChat client, change the authentication mechanism under ‘sasl’ first comment out ‘digest-md5’ from <digest-md5 /> to <-- <digest-md5 /> --> and add ‘cram-md5’ instead <cram-md5 />
• Change the MYSQL database passwaed from<pass>secret</pass> to <pass>jtest</pass>
• Save and exit
This completes the configuration of the jabberd server. This gives us a basic jabber server that allows users to register themselves and chat with each other. However, if we want to have the ability to create chat rooms, we need to install some additional software called mu-conference. We will cover the installation of mu-conference momentarily.
Creating a default buddy list for new users
jabberd gives us the ability to create a template buddy list so that each new user has a default buddy list. This is very useful in environments where the administrator wants to make sure each user has all the important people in their buddy list without spending a lot of time adding each user manually.
The template file is located in the templates subdirectory and is called roster.xml. The file has the following format:
<query xmlns=’jabber:iq:roster’>
<!--
<item name=’Buddy Name’ jid=’JID@Host.domain’ subscription=’both’>
<group>BuddyGroup</group>
</item>
-->
</query>
To add new users we need to uncomment the <item name> tag and add a new line for each user. For example if you wanted to add me to the default roster and my JID (Jabber ID) was chatur@jabber.chatur.test the entry for my name would look like this:
<item name='chatur' jid='chatur@jabber.chatur.test' subscription='both'>
<group>Support</group>
</item>
The group field tells the client the group under which the entry is supposed to be stored. In this case chatur is being stored under the Support group. All entries need to be enclosed within the <query> </query> tag, so the complete file with one user would look something like:
<query xmlns=’jabber:iq:roster’>
<item name=’chatur’ jid=’chatur@jabber.chatur.test’ subscription=’both’>
<group>Support</group>
</item>
</query>
Generating a Self-Signed SSL Certificate
Important: Key Is Self-Signed The key generated by the instructions below is self-signed. Such a key is not part of a trust hierarchy. When used to secure communications with Jabber clients, a self-signed key will usually cause warnings to appear because its authenticity cannot be verified against a trusted key.
Generate Key Pair
From a working directory, enter the command below to begin an interactive key generation process:
openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
You will be prompted for a passphrase for the private key. After entering and confirming your passphrase, you will be prompted for public information about your key.
Note: Common Name Note that you should enter your domain name as the Common Name for your certificate.
Note: Key Lifetime Note that the command above creates a key with a 3650 day (10 year lifetime). To change the key lifetime, use a different number of days for the -days parameter.
Remove Passphrase
Enter this command to remove the passphrase from your private key:
openssl rsa -in privkey.pem -out privkey.pem
Combine the Private and Public Key
Enter this command to combine the private and public keys into a single file:
cat privkey.pem >> server.pem
Delete Private Key
You should now delete your private key:
rm privkey.pem
Move Key and Set Permissions
You can now move your key to its permanent location. For example, to move the key to the default Jabberd pemfile location, you would enter this command (as superuser):
mv server.pem /opt/jabber/etc/server.pem
Then, you should set permissions on this file so that it is owned by superuser and is readonly (as superuser):
chown root:jabber /opt/jabber/etc/server.pem
chmod 640 /opt/jabber/etc/server.pem
Your certificate is now ready for use by Jabberd. You should make a backup (such as to a floppy) of your certificate.
Thursday, November 12, 2009
Subscribe to:
Posts (Atom)
