Difference between revisions of "Services:Chat"

From Kosmos Wiki
(Add section about SASL being disabled once we switch to auth using LDAP)
(Undo revision 665 by Greg (talk))
Tag: Undo
Line 23: Line 23:
;In-band Registration
;In-band Registration
: Closed
: Closed
=== Caveats ===
==== No SASL with LDAP ====
We are going to switch over the [[Services:Accounts|accounts to use LDAP]]. This has no happened yet, you will receive an email when that happens with a unique generated password and instructions to change it.
The LDAP implementation in ejabberd doesn't support SASL authentication.
<blockquote>You can authenticate users against an LDAP directory. '''Note that current LDAP implementation does not support SASL authentication'''.<ref>[https://docs.ejabberd.im/admin/configuration/#ldap-authentication Configuring ejabberd, LDAP Authentication].</ref>:</blockquote>
The implication is that '''the user does not send a salted & hashed password''' to ejabberd, so the ejabberd process has access to a user's password and sends it over to the LDAP server to authenticate. This is considered <code>PLAIN</code> auth, even when both the XMPP c2s connection and the LDAP connect using TLS
There is an RFC, "Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets"<ref>[https://tools.ietf.org/html/rfc5803 Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets].</ref>).
===== Impact =====
Some clients will display a warning because they detect that the auth used to be done with SASL, but not any longer. The most common one is [https://conversations.im/ Conversations, the Android client], so we are including instructions for it.
===== How to accept the warning in Conversations =====
In Conversations you can accept the warning by pressing "Accept" in the account details, that appears where the "Save" button is normally. <ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 No (obvious?) way to accept SASL downgrade]</ref>
== Multi-user Chat (MUC) ==
== Multi-user Chat (MUC) ==
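Review bot: In the removed "No SASL with LDAP" section, the heading and the sentence "The LDAP implementation in ejabberd doesn't support SASL authentication" conflict with the paragraph that follows, which says authentication becomes PLAIN. PLAIN is itself a SASL mechanism, so what the switch to LDAP takes away is the salted challenge-response (SCRAM) exchange, not SASL as a whole. If this caveat is restored when the LDAP switch happens, name the lost mechanism (SCRAM) and the remaining one (PLAIN, with ejabberd seeing the password and passing it to the LDAP server) instead of saying "No SASL". Also say what the RFC 5803 sentence is meant to tell the reader, since it currently ends in an unmatched ")" with no conclusion, and fix "This has no happened yet" and the stray ":" after the first reference. Undoing the revision also drops the Conversations instructions, which the section says are there because that client displays a warning when auth is no longer done the way it used to be.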
Line 58: Line 36:
: ht6eqe754p3m2gif.onion
: ht6eqe754p3m2gif.onion
<references />

Revision as of 17:53, 14 February 2020

What is XMPP?

XMPP is an open standard for instant messaging as well as voice and video chat. With XMPP, you can exchange messages with users on thousands of different chat providers.

How to connect

Usually, you only need your user address and password to configure your chat application.

Your user address is your-username@kosmos.org.


For advanced users and/or troubleshooting:

C2S port: 5222 (StartTLS), 5223 (TLS)
S2S port:
Bosh URL:
In-band Registration: Closed

Multi-user Chat (MUC)

The server is host to a variety of chat rooms. The server's MUC domain is kosmos.chat. Thus, room addresses look like chatroom-name@kosmos.chat. Only local users (with a kosmos.org address) are currently allowed to create chat rooms on kosmos.chat.

Come talk to us in kosmos@kosmos.chat!

Tor hidden service

You can connect to the XMPP server directly from the Tor network. The configuration is the same as for clearnet, except for the server to connect to: