Hi,

I'm working on jabberd2 to implement c2s SASL external authentication based on TLS certificates.

I've used pyxmpp as the testing library for the connections and I can only say it works :)

Implemented stuff:[[BR]]

1. Fixed deprecated m2crypto client certificate stuff[[BR]]
2. Added SASL external authenticator[[BR]]
3. Modified bits of code to make it work.[[BR]]

The following stadards were used:[[BR]]

1. RFC3920bis (http://mail.jabber.org/pipermail/standards/2008-June/018939.html) [[BR]]
2. XEP-0178 (http://xmpp.org/extensions/xep-0178.html#c2s)

The following patch is made against pyxmpp-1.0.1 release tarball. I'm also attaching a testing script which successfully connects to my modified jabberd2 server (patches to that server will be posted soon).

I know it has been 8 months since the patch was commited, but it is now, when I started doing anything with PyXMPP. And the first thing I did was to drop M2Crypto support in favor of the standard Python 2.6 'ssl' module…
I wanted to apply outstanding patches now, but I cannot apply this one as it touches the modified part. And I don't have a test environment and any experience with EXTERNAL authentication. Could you update your patch?

--jajcus

Oh, so you're dropping the M2Crypto dependency, that's good :) When can we expect a release of pyxmpp then?

Is the changed source in trunk? If so, I'll take a look at the issue pretty soon.

--neuro@o2.pl

Already released: http://pyxmpp.jajcus.net/downloads/pyxmpp-1.1.0.tar.gz :-)

--jajcus

Alright, so I've created a new patch. I'm sorry, the previous one missed out on the external.py file.

This one contains everything. Your streamtls.py contained everything needed :)

--neuro@o2.pl

(In [720]) - SASL External authentication. Closes #35. Thanks to neuro

--jajcus