Today's minor release of xmpp-cloud-auth marks the conclusion of several months of work.
Nextcloud as an Authentication Hub
The list of changes below may look small, but they boost xmpp-cloud-auth to a full-fledged authentication solution centered around Nextcloud.
As an admin, you now can manage all your user accounts in the comfortable Nextcloud user administrator. These accounts can the be made available as an authentication and user existence backend to
- an XMPP server such as ejabberd or Prosody using the ejabberd and prosody authentication modes. This was the original goal when we started this project about 1½ years and over 300 commits ago.
- a POP3/IMAP server such as Cyrus IMAP using the saslauth authentication mode. This replaces the real saslauthd and its user base with a compatible interface and the Nextcloud accounts.
- a SMTP server such as Postfix to
* authenticate the users, again using the saslauth interface, and
* identify the existence of virtual mailboxes using the postfix interface (tcp_table in Postfix lingo).
A powerful solution
As security measures, both Nextcloud application-specific passwords and JSXC time-limited tokens are available for all authentication modes to avoid having to give out the account password to backend services. The time-limited tokens are especially helpful, as they allow single-sign-on mechanisms to work with backends that do require passwords and (for all authentication mechanisms) obviate the need to store the password in the web browser.
The new systemd socket activation mode is also much more resource-saving than previous modes, as only threads are created, not new processes, when handling new connections.
Thanks to everyone who contributed, also with helpful bug reports and recommendations.
Changelog
Added
- Support systemd socket activation
- Now supports Postfix Virtual Mailbox mode
Fixed
- Incorporated Prosody upstream modauthexternal.lua fixes
Changed
- Starting from systemd is now the recommended mode