From: Carlo Zancanaro <carlo@zancanaro.id.au>
To: 69731@debbugs.gnu.org
Cc: Liliana Marie Prikler <liliana.prikler@gmail.com>
Subject: [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration.
Date: Mon, 11 Mar 2024 22:59:52 +1100 [thread overview]
Message-ID: <2f7f7780814bd69a270087f0edf0071f453bdc5d.1710157873.git.carlo@zancanaro.id.au> (raw)
In-Reply-To: <cover.1710157873.git.carlo@zancanaro.id.au>
* gnu/services/messaging.scm (prosody-configuration): Add
insecure-sasl-mechanisms configuration option.
* doc/guix.texi (Messaging Services): Document it.
Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586
---
doc/guix.texi | 12 +++++++++---
gnu/services/messaging.scm | 6 ++++++
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 858d5751bf..d9b55b3c1f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -28551,6 +28551,12 @@ Messaging Services
Defaults to @samp{'("DIGEST-MD5")}.
@end deftypevr
+@deftypevr {@code{prosody-configuration} parameter} string-list insecure-sasl-mechanisms
+Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}.
+Defaults to @samp{'("PLAIN" "LOGIN")}.
+@end deftypevr
+
@deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
Whether to force all server-to-server connections to be encrypted or not.
See @url{https://prosody.im/doc/modules/mod_tls}.
@@ -28630,7 +28636,7 @@ Messaging Services
Available @code{virtualhost-configuration} fields are:
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{virtualhost-configuration} parameter} string domain
Domain you wish Prosody to serve.
@end deftypevr
@@ -28652,7 +28658,7 @@ Messaging Services
Available @code{int-component-configuration} fields are:
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{int-component-configuration} parameter} string hostname
Hostname of the component.
@end deftypevr
@@ -28705,7 +28711,7 @@ Messaging Services
Available @code{ext-component-configuration} fields are:
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{ext-component-configuration} parameter} string component-secret
Password which the component will use to log in.
@end deftypevr
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 9702170b3e..a914d0f89e 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -427,6 +427,12 @@ (define %default-modules-enabled
@url{https://prosody.im/doc/modules/mod_saslauth}."
common)
+ (insecure-sasl-mechanisms
+ (string-list '("PLAIN" "LOGIN"))
+ "Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}."
+ common)
+
(s2s-require-encryption?
(boolean #f)
"Whether to force all server-to-server connections to be encrypted or not.
--
2.41.0
next prev parent reply other threads:[~2024-03-11 12:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-11 11:57 [bug#69731] [PATCH 0/2] Fix prosody system test Carlo Zancanaro
2024-03-11 11:59 ` Carlo Zancanaro [this message]
2024-03-11 11:59 ` [bug#69731] [PATCH 2/2] gnu: tests: " Carlo Zancanaro
2024-03-11 17:24 ` [bug#69731] [PATCH 0/2] " Liliana Marie Prikler
2024-03-12 1:01 ` Carlo Zancanaro
2024-03-17 12:29 ` bug#69731: " Liliana Marie Prikler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2f7f7780814bd69a270087f0edf0071f453bdc5d.1710157873.git.carlo@zancanaro.id.au \
--to=carlo@zancanaro.id.au \
--cc=69731@debbugs.gnu.org \
--cc=liliana.prikler@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).