prosody-modules
4d73a1a6ba68
mod_s2s_auth_fingerprint/README.markdown
Software / code / prosody-modules
Comparison
mod_s2s_auth_fingerprint/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Aug 2015 18:03:58 +0200 |
| parent | 1782:mod_s2s_auth_fingerprint/README.wiki@29f3d6b7ad16 |
| child | 1820:8de50be756e5 |
comparison
equal
deleted
inserted
replaced
| 1802:0ab737feada6 | 1803:4d73a1a6ba68 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Alpha' | |
| 4 - 'Type-S2SAuth' | |
| 5 summary: Fingerprint based s2s authentication | |
| 6 ... | |
| 7 | |
| 8 Introduction | |
| 9 ============ | |
| 10 | |
| 11 This module allows you to manually pin certificate fingerprints of | |
| 12 remote servers. | |
| 13 | |
| 14 Details | |
| 15 ======= | |
| 16 | |
| 17 Servers not listed in the configuration are not affected. | |
| 18 | |
| 19 Configuration | |
| 20 ============= | |
| 21 | |
| 22 After installing and enabling this module, you can put fingerprints of | |
| 23 remote servers in your config like this: | |
| 24 | |
| 25 s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" | |
| 26 s2s_trusted_fingerprints = { | |
| 27 ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; | |
| 28 ["matthewwild.co.uk"] = { | |
| 29 "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; | |
| 30 "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; | |
| 31 }; | |
| 32 } | |
| 33 | |
| 34 -- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too | |
| 35 s2s_secure_domains = { | |
| 36 "jabber.org"; | |
| 37 } | |
| 38 | |
| 39 Compatibility | |
| 40 ============= | |
| 41 | |
| 42 ------- -------------- | |
| 43 trunk Works | |
| 44 0.9 Works | |
| 45 0.8 Doesn't work | |
| 46 ------- -------------- |
