gnu: services: Add insecure-sasl-mechanisms to prosody configuration.

* gnu/services/messaging.scm (prosody-configuration): Add
insecure-sasl-mechanisms configuration option.
* doc/guix.texi (Messaging Services): Document it.

Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
This commit is contained in:
Carlo Zancanaro 2024-03-11 22:59:52 +11:00 committed by Liliana Marie Prikler
parent 2ad6e7b43b
commit d25620be4c
No known key found for this signature in database
GPG key ID: 442A84B8C70E2F87
2 changed files with 15 additions and 3 deletions

View file

@ -28551,6 +28551,12 @@ Set of mechanisms that will never be offered. See
Defaults to @samp{'("DIGEST-MD5")}. Defaults to @samp{'("DIGEST-MD5")}.
@end deftypevr @end deftypevr
@deftypevr {@code{prosody-configuration} parameter} string-list insecure-sasl-mechanisms
Set of mechanisms that will not be offered on unencrypted connections.
See @url{https://prosody.im/doc/modules/mod_saslauth}.
Defaults to @samp{'("PLAIN" "LOGIN")}.
@end deftypevr
@deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption? @deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
Whether to force all server-to-server connections to be encrypted or not. Whether to force all server-to-server connections to be encrypted or not.
See @url{https://prosody.im/doc/modules/mod_tls}. See @url{https://prosody.im/doc/modules/mod_tls}.
@ -28630,7 +28636,7 @@ See @url{https://prosody.im/doc/configure#virtual_host_settings}.
Available @code{virtualhost-configuration} fields are: Available @code{virtualhost-configuration} fields are:
all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{virtualhost-configuration} parameter} string domain @deftypevr {@code{virtualhost-configuration} parameter} string domain
Domain you wish Prosody to serve. Domain you wish Prosody to serve.
@end deftypevr @end deftypevr
@ -28652,7 +28658,7 @@ Defaults to @samp{'()}.
Available @code{int-component-configuration} fields are: Available @code{int-component-configuration} fields are:
all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{int-component-configuration} parameter} string hostname @deftypevr {@code{int-component-configuration} parameter} string hostname
Hostname of the component. Hostname of the component.
@end deftypevr @end deftypevr
@ -28705,7 +28711,7 @@ Defaults to @samp{'()}.
Available @code{ext-component-configuration} fields are: Available @code{ext-component-configuration} fields are:
all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
@deftypevr {@code{ext-component-configuration} parameter} string component-secret @deftypevr {@code{ext-component-configuration} parameter} string component-secret
Password which the component will use to log in. Password which the component will use to log in.
@end deftypevr @end deftypevr

View file

@ -427,6 +427,12 @@ (define-all-configurations prosody-configuration
@url{https://prosody.im/doc/modules/mod_saslauth}." @url{https://prosody.im/doc/modules/mod_saslauth}."
common) common)
(insecure-sasl-mechanisms
(string-list '("PLAIN" "LOGIN"))
"Set of mechanisms that will not be offered on unencrypted connections.
See @url{https://prosody.im/doc/modules/mod_saslauth}."
common)
(s2s-require-encryption? (s2s-require-encryption?
(boolean #f) (boolean #f)
"Whether to force all server-to-server connections to be encrypted or not. "Whether to force all server-to-server connections to be encrypted or not.