prosody
ca9f99f7dcbc
prosody.cfg.lua.dist
Software / code / prosody
Comparison
prosody.cfg.lua.dist @ 5573:ca9f99f7dcbc
prosody.cfg.lua.dist: Fix my s2s_secure(_auth) mess
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sat, 11 May 2013 13:54:02 +0100 |
| parent | 5409:8e98a58ab6a3 |
| child | 5615:b678868cf2d8 |
comparison
equal
deleted
inserted
replaced
| 5571:ae9672f4079a | 5573:ca9f99f7dcbc |
|---|---|
| 97 c2s_require_encryption = false | 97 c2s_require_encryption = false |
| 98 | 98 |
| 99 -- Force certificate authentication for server-to-server connections? | 99 -- Force certificate authentication for server-to-server connections? |
| 100 -- This provides ideal security, but requires servers you communicate | 100 -- This provides ideal security, but requires servers you communicate |
| 101 -- with to support encryption AND present valid, trusted certificates. | 101 -- with to support encryption AND present valid, trusted certificates. |
| 102 -- NOTE: Your version of LuaSec must support certificate verification! | |
| 102 -- For more information see http://prosody.im/doc/s2s#security | 103 -- For more information see http://prosody.im/doc/s2s#security |
| 103 | 104 |
| 104 s2s_secure = true | 105 s2s_secure_auth = false |
| 105 | 106 |
| 106 -- Many servers don't support encryption or have invalid or self-signed | 107 -- Many servers don't support encryption or have invalid or self-signed |
| 107 -- certificates. You can list domains here that will not be required to | 108 -- certificates. You can list domains here that will not be required to |
| 108 -- authenticate using certificates. They will be authenticated using DNS. | 109 -- authenticate using certificates. They will be authenticated using DNS. |
| 109 | 110 |
| 110 -- s2s_insecure_domains = { "gmail.com" } | 111 --s2s_insecure_domains = { "gmail.com" } |
| 111 | 112 |
| 112 -- Even if you leave s2s_secure disabled, you can still require it for | 113 -- Even if you leave s2s_secure_auth disabled, you can still require valid |
| 113 -- some domains by specifying a list here. | 114 -- certificates for some domains by specifying a list here. |
| 114 | 115 |
| 115 -- s2s_secure_domains = { "jabber.org" } | 116 --s2s_secure_domains = { "jabber.org" } |
| 116 | 117 |
| 117 -- Select the authentication backend to use. The 'internal' providers | 118 -- Select the authentication backend to use. The 'internal' providers |
| 118 -- use Prosody's configured data storage to store the authentication data. | 119 -- use Prosody's configured data storage to store the authentication data. |
| 119 -- To allow Prosody to offer secure authentication mechanisms to clients, the | 120 -- To allow Prosody to offer secure authentication mechanisms to clients, the |
| 120 -- default provider stores passwords in plaintext. If you do not trust your | 121 -- default provider stores passwords in plaintext. If you do not trust your |
