I've used sasl external on openfire with a nodejs client recently and blogged about it: http://servicelab.org/2012/04/26/how-to-use-xmpp-sasl-external-with-node-js/

My experience is that maneging the certicicates is not that easy. Also it doesnt help that the certificates need to be server signed as well. 

Hope this helps. 

Br. Eelco

Sent from my mobile phone

On 13 mrt. 2013, at 16:07, "Thomas Nichols" <tnichols@enernoc.com> wrote:

Can anyone speak from experience on using SASL EXTERNAL for c2s connections?  E.g. A client authenticating with a certificate rather than a password.  Certificates seem more appropriate for managing many IoT cases.

I can't find much — or any — information on SASL EXTERNAL support for most of the common servers and client implementations.  So has anyone used certificate auth for XMPP clients?  I'm particularly interested in the more common open source clients and servers – Smack, OpenFire, ejabberd, Prosody but any first-hand knowledge would be helpful.

Thanks in advance.
-Thom

This email and any information disclosed in connection herewith, whether written or oral, is the property of EnerNOC, Inc. and is intended only for the person or entity to which it is addressed.  
This email may contain information that is privileged, confidential or otherwise protected from disclosure.  
Distributing or copying any information contained in this email to anyone other than the intended recipient is strictly prohibited.
_______________________________________________
IOT mailing list
IOT@xmpp.org
http://mail.jabber.org/mailman/listinfo/iot

This e-mail and its contents are subject to the DISCLAIMER at http://www.tno.nl/emaildisclaimer