This option allows disabling some auth mechanisms
to be offered in SASL1 features. This makes adding
new password types easier, by ensuring that new
password use will be offered only to clients that
have new type stored (SASL2 clients that send us
user info before features need to be sent), but
not to clients where we don't know if they have
new passwords.
Due to Google Chrome certification requirements we can expect
that in near future there will be no certificate authority
that will issue certifcates that have both server and client auth
purposes.
This change makes s2s listeners ignore cert purposes, and should
allow servers that have those new certificate to use it, to
authenticate new s2s connections.
This fixes issue #4392
This reverts commit a8a5be7a34.
Don't upgrade to stun 1.2.19 yet, because esip still depends on stun 1.2.17:
Because "the lock" depends on "esip 1.0.57" which depends on "stun 1.2.17", "the lock" requires "stun 1.2.17".
And because "the lock" specifies "stun 1.2.19", no version of "the lock" is allowed.
So, because "your app" depends on "the lock", version solving failed.
** (Mix) Hex dependency resolution failed
This adds option 'auth_stored_password_types' that can be used to setup
storage of multiple passwords for each user. When this is set, on each
password set, database will now store password in each format specified.
Define and macro by setting as environment variable:
EJABBERD_MACRO_ + macro name
For example, if you configure in ejabberd.yml:
define_macro:
LOGLEVEL: 4
loglevel: LOGLEVEL
You can define (and overwrite) that macro definition when starting ejabberd:
EJABBERD_MACRO_LOGLEVEL=5 make relive
XEP-0388 says: "SASL2 MUST only be used by Clients or offered by Servers
after TLS negotiation". Therefore, we reject SASL2 negotiations over
unencrypted transports by default. However, TLS might be terminated
outside of ejabberd. Add the 'allow_unencrypted_sasl2' option to
support this use case.
This allows connections to server that have both xmpps-server and xmpp-server
srv entries, for which xmpps version doesn't work correctly. Before this
change we would stop on non-working xmpps server, now we will also attempt
to connect further servers on list.
