Merge pull request #1359 from genius3000/insp20+sasl_no_server

2.0: Inform the client when a SASL message cannot be sent
author: Peter Powell <petpow@saberuk.com> 2017-11-06 11:11:22 +0000
committer: GitHub <noreply@github.com> 2017-11-06 11:11:22 +0000
commit: 9375c633371ee8d25adc5cf756590077e5100bb5 (patch)
tree: 5926bd2f98a579e2edd598020732f684e95a942e /docs/conf
parent: 52de083afcd1608f030551f532bdcdb1f45f1513 (diff)
parent: 9d4b4344b49de3c474302e8316576b759249c409 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 34e25b1e2..d2dad8af5 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -1591,6 +1591,13 @@
 # Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded
 # for SASL to work.
 #<module name="m_sasl.so">
+# Define the following to your services server name to improve security
+# by ensuring the SASL messages are only sent to the services server
+# and not to all connected servers. This prevents a rogue server from
+# capturing SASL messages. Having this defined can also improve client
+# connections when your services are down, as the client will be told
+# that SASL failed rather than just timing out on registration.
+#<sasl target="services.mynetwork.com">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Secure list module: Prevent /LIST in the first minute of connection,
author	Peter Powell <petpow@saberuk.com>	2017-11-06 11:11:22 +0000
committer	GitHub <noreply@github.com>	2017-11-06 11:11:22 +0000
commit	9375c633371ee8d25adc5cf756590077e5100bb5 (patch)
tree	5926bd2f98a579e2edd598020732f684e95a942e /docs/conf
parent	52de083afcd1608f030551f532bdcdb1f45f1513 (diff)
parent	9d4b4344b49de3c474302e8316576b759249c409 (diff)