Using client certificates to login¶
Passwordless authentication is possible in XMPP through the use of mechanisms such as SASL External. This mechanism has to be supported by both the client and the server. This page does not cover the server setup, but prosody has a mod_client_certs module which can perform this kind of authentication, and also helps you create a self-signed certificate.
If you created a certificate using the above link, you should have at least
two files, a
.crt (public key in PEM format) and a
.key (private key
in PEM format).