Today's minor release of xmpp-cloud-auth marks the conclusion of several months of work.
Nextcloud as an Authentication Hub
The list of changes below may look small, but they boost
xmpp-cloud-auth to a full-fledged authentication solution centered around Nextcloud.
As an admin, you now can manage all your user accounts in the comfortable Nextcloud user administrator. These accounts can the be made available as an authentication and user existence backend to
- an XMPP server such as ejabberd or Prosody using the
prosody authentication modes. This was the original goal when we started this project about 1½ years and over 300 commits ago.
- a POP3/IMAP server such as Cyrus IMAP using the
saslauth authentication mode. This replaces the real saslauthd and its user base with a compatible interface and the Nextcloud accounts.
- a SMTP server such as Postfix to
* authenticate the users, again using the
saslauth interface, and
* identify the existence of virtual mailboxes using the
postfix interface (
tcp_table in Postfix lingo).
A powerful solution
As security measures, both Nextcloud application-specific passwords and JSXC time-limited tokens are available for all authentication modes to avoid having to give out the account password to backend services. The time-limited tokens are especially helpful, as they allow single-sign-on mechanisms to work with backends that do require passwords and (for all authentication mechanisms) obviate the need to store the password in the web browser.
The new systemd socket activation mode is also much more resource-saving than previous modes, as only threads are created, not new processes, when handling new connections.
Thanks to everyone who contributed, also with helpful bug reports and recommendations.
- Support systemd socket activation
- Now supports Postfix Virtual Mailbox mode
- Incorporated Prosody upstream modauthexternal.lua fixes
- Starting from systemd is now the recommended mode