0 Replies Latest reply on Mar 27, 2017 1:49 PM by Richard Darlington

    XMPP Cleartext Authentication

    Richard Darlington

      Openfire 4.1

      Spark 2.8.0

       

      I am using LDAP authentication to bring in users and groups from my Active Directory.  I've just had a nessus scan and I have a finding:

      "The remote Extensible Messaging and Presence Protocol (XMPP) service

      supports one or more authentication mechanisms that allow credentials

      to be sent in the clear.

       

      The proposed solution:

      Disable cleartext authentication mechanisms in the XMPP configuration.

       

      However, I've read in another posting that doing so will kill my LDAP authentication with Active Directory.  Is this true, and if so; do you have any suggestions how I bring the install 'compliant' and still use AD as my source and authenticator?

       

      Thanks,

      Rich