AnsweredAssumed Answered

Offering Other SASL Modes to Clients

Question asked by David Mueller on May 11, 2017
Latest reply on May 19, 2017 by Craig Huckabee

I've been trying to resolve a Nagios plugin 87736 "XMPP Cleartext Authentication" finding for a while. I have STARTTLS set to required so I couldn't figure out while I was getting this. Instructions I'd previously found for this plugin didn't seem to help, and setting sasl.mechs to EXTERNAL seemed to break things completely and my XMPP client couldn't connect. Most of my users are using Pidgin or Adium. This morning I noticed the "SASL Mechanisms" configuration GUI in the Registration & Login section and saw that only PLAIN and EXTERNAL were being offered to clients but all have the implementation available. What I can't figure out is how to make other modes offered to clients; I'm hoping if I can do that I can disable PLAIN and resolve the Nagios finding.

 

My server is running on CentOS 6.9 64-bit:

Openfire Version: 4.1.4 (installed from 64-bit RPM from Ignite Realtime website)

Java Version: 1.8.0_131 Oracle Corporation -- Java HotSpot(TM) 64-Bit Server VM

Appserver: jetty/9.2.z-SNAPSHOT

 

Any suggestions would be appreciated. Thanks.

Outcomes