[jdev] x509 client authorization

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Sun Mar 28 12:22:33 CST 2004

I have been able to authenticate using x509, but between servers.  It's the 
same for clients though.

If you do it, just make sure you follow the standard, which is to provide the 
certificate via the TLS handshake, and use the SASL "EXTERNAL" mechanism to 
signify that the cert is to be used for authentication.  This is all part of 
XMPP 1.0.

You mention jabberd, but not the version.  You'll have better luck with this 
in jabberd2, as it already supports XMPP 1.0.  I don't recommend trying to 
retrofit this onto jabberd1.


On Sunday 28 March 2004 4:00 am, Ian Stokes-Rees wrote:
> I am interested to contributing to effort to put x509 client
> authorization into jabberd.  I have a fair bit of experience with x509
> digital certificates.  I just want to link up with whoever might have
> already begun this effort.
> Cheers,
> Ian.

More information about the JDev mailing list