Using client certificates to login¶
Passwordless authentication is possible in XMPP through the use of mecanisms such as SASL External. This mechanism has to be supported by both the client and the server. This page does not cover the server setup, but prosody has a mod_client_certs module which can perform this kind of authentication, and also helps you create a self-signed certificate.
Poezio configuration¶
If you created a certificate using the above link, you should have at least
two files, a .crt
(public key in PEM format) and a .key
(private key
in PEM format).
You only have to store the files wherever you want and set keyfile
with the path to the private key (.key
), and certfile with the
path to the public key (.crt
).
Next¶
Now that this is setup, you might want to use /certs to list the keys currently known by your XMPP server, /cert_revoke or /cert_disable to remove them, and /cert_fetch to retrieve a public key.