diff options
| author | genius3000 <genius3000@g3k.solutions> | 2017-07-27 03:05:44 -0600 |
|---|---|---|
| committer | genius3000 <genius3000@g3k.solutions> | 2017-11-05 19:51:22 -0700 |
| commit | 9d4b4344b49de3c474302e8316576b759249c409 (patch) | |
| tree | 51e11ec2b668ac2bf16d992878e8eaf68f02abb7 /docs/conf/modules.conf.example | |
| parent | 5c65a0a03dc41f3ed84dd4de4a1a5333365d6bb1 (diff) | |
Inform the client when a SASL message cannot be sent
When SASL is properly configured with a 'target' server, we are able
to inform the client when the message fails to send.
Currently if a target is configured and it is offline, no response is
sent. This can cause some clients to time out while waiting for a response.
If a target isn't configured, behaviour will not change with this commit.
The default of '*' will still send to all servers.
Updated example config with 'target' variable.
Diffstat (limited to 'docs/conf/modules.conf.example')
| -rw-r--r-- | docs/conf/modules.conf.example | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index b39ee5d2b..8e193904d 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1591,6 +1591,13 @@ # Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded # for SASL to work. #<module name="m_sasl.so"> +# Define the following to your services server name to improve security +# by ensuring the SASL messages are only sent to the services server +# and not to all connected servers. This prevents a rogue server from +# capturing SASL messages. Having this defined can also improve client +# connections when your services are down, as the client will be told +# that SASL failed rather than just timing out on registration. +#<sasl target="services.mynetwork.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, |