[OPEN-ILS-DEV] Ejabberd configuration for OpenSRF

Lazar, Alexey Vladimirovich alexey.lazar at mnsu.edu
Tue Oct 2 16:55:05 EDT 2012


An old thread, but oh well. I wasn't seeking an excuse to use weak passwords. My question, which could have been phrased more specifically, was about the potential risk of using weak passwords for ejabberd users. For example, could somebody try to exploit a weak password here? How? What's to gain? That type of stuff.

Alexey

On Jul 2, 2012, at 13:26 , Justin Hopkins wrote:

> I guess the question is why wouldn't you use a strong password? What is there to gain?
> 
> Cheers,
> Justin
> 
> On Jul 2, 2012, at 11:59 AM, Lazar, Alexey Vladimirovich wrote:
> 
>> Ok, thanks.
>> 
>> Another question.  How much should I worry about the strength of ejabberd user passwords?  Does it matter in terms of security?
>> 
>> Thanks.
>> 
>> On Jun 30, 2012, at 07:15 , Thomas Berezansky wrote:
>> 
>>> I don't think localhost is needed.
>>> 
>>> As for max_stanza_size, it doesn't need to be a power of two because it isn't a memory size or anything, it is a sanity check in ejabberd. It needs to be larger than the default because OpenSRF sends fairly large messages on a regular basis, at least with Evergreen running over it. At the size in question S2S messages don't need a significantly larger setting.
>>> 
>>> In general, the default and recommended items across ejabberd's config is assuming you are setting up an XMPP *chat* server, with people sending messages to each other using the various features of XMPP. OpenSRF interacts with XMPP much differently, and as such the various notes may not fully apply.
>>> 
>>> Thomas Berezansky
>>> Merrimack Valley Library Consortium
>>> 
>>> 
>>> Quoting "Lazar, Alexey Vladimirovich" <alexey.lazar at mnsu.edu>:
>>> 
>>>> Hi, a couple of questions about ejabberd settings.
>>>> 
>>>> 1. For OpenSRF, is the "localhost" entry required in the hosts directive?
>>>> 
>>>> {hosts, ["localhost", "private.localhost", "public.localhost"]}
>>>> 
>>>> Or can it be safely omitted with just the private.localhost and public.localhost hosts listed?
>>>> 
>>>> 2. Max_stanza_size.
>>>> 
>>>> Ejabberd documentation says:
>>>> {max_stanza_size, Size}
>>>> This option specifies an approximate maximum size in bytes of XML stanzas. Approximate, because it is calculated with the precision of one block of read data. For example {max_stanza_size, 65536}. The default value is infinity. Recommended values are 65536 for c2s connections and 131072 for s2s connections. s2s max stanza size must always much higher than c2s limit. Change this value with extreme care as it can cause unwanted disconnect if set too low.
>>>> 
>>>> OpenSRF instructions say:
>>>> Change all max_stanza_size values to 2000000.
>>>> 
>>>> The OpenSRF-recommended value is the same for c2s and s2s connections, which differs from what the ejabberd documentation suggests. I am curious about a) what requires these values to change for OpenSRF in the first place, b) why the OpenSRF-recommended value for c2s and s2s is the same, and c) why a power of 2 is not used for it, e.g., 2097152?
>>>> 
>>>> Any "science" behind these and other OpenSRF-recommended settings, or just safe guesses?
>>>> 
>>>> Thanks.
>>>> 
>>>> Alexey Lazar
>>>> PALS
>>>> Information System Developer and Integrator
>>>> 507-389-2907
>>>> http://www.mnpals.org/
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
>> Alexey Lazar
>> PALS
>> Information System Developer and Integrator
>> 507-389-2907
>> http://www.mnpals.org/
>> 
> 


Alexey Lazar
PALS
Information System Developer and Integrator
507-389-2907
http://www.mnpals.org/
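
An added example, not part of the original thread or of the OpenSRF or ejabberd projects: a small check that reads an Erlang-term ejabberd.cfg and reports listeners whose max_stanza_size differs from the 2000000 quoted from the OpenSRF instructions, and whether private.localhost and public.localhost are in the hosts directive. The sample configuration, the function names, and the assumption that listeners are written as {Port, Module, [Options]} are constructed for illustration.

```python
import re

OPENSRF_STANZA_SIZE = "2000000"  # value quoted from the OpenSRF instructions
OPENSRF_HOSTS = {"private.localhost", "public.localhost"}

# Constructed sample in the Erlang-term ejabberd.cfg style (not from the thread).
SAMPLE_CFG = """
%% hosts served by this node
{hosts, ["private.localhost", "public.localhost"]}.
{listen, [
  {5222, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}]},
  {5269, ejabberd_s2s_in, [{max_stanza_size, 2000000}]}
]}.
"""

def strip_comments(cfg):
    # Drop Erlang '%' comments so commented-out settings are not counted.
    # Assumption: no '%' appears inside a quoted string.
    return "\n".join(line.split("%", 1)[0] for line in cfg.splitlines())

def hosts(cfg):
    m = re.search(r"\{\s*hosts\s*,\s*\[(.*?)\]\s*\}", strip_comments(cfg), re.S)
    return re.findall(r'"([^"]*)"', m.group(1)) if m else []

def stanza_sizes(cfg):
    """Return (port, module, size) per listener; size is None when unset."""
    body = strip_comments(cfg)
    # Assumption: listeners are written as {Port, Module, [Options]}.
    starts = list(re.finditer(r"\{\s*(\d+)\s*,\s*(ejabberd_\w+)\s*,\s*\[", body))
    out = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(body)
        s = re.search(r"\{\s*max_stanza_size\s*,\s*(\d+|infinity)\s*\}", body[m.end():end])
        out.append((int(m.group(1)), m.group(2), s.group(1) if s else None))
    return out

def audit(cfg):
    findings = []
    for port, module, size in stanza_sizes(cfg):
        if size is not None and size != OPENSRF_STANZA_SIZE:
            findings.append(f"{module} on port {port}: max_stanza_size is {size}")
    for host in sorted(OPENSRF_HOSTS - set(hosts(cfg))):
        findings.append(f"hosts is missing {host}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```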


