Purpose: I wanted our Jabber server to authenticate against our NT domain, and did not want users passwords stored in the clear in their xdb files. Since our VPN solution validates against our NT domain through RADIUS, I thought this would be the simplest solution. I also wanted users to be auto-registered, assuming they could validate against RADIUS. Source: There is one source file, mod_auth_radius.c. It should be placed in jsm/modules. Dependencies: This module depends on a RADIUS server, and the radiusclient library written by Lars Fenneberg. It is available at http://www.mcs-cityline.net/~lf/radius/ I have built it on both Solaris 2.6 and Linux 2.2. I suggest getting the src/radexample working before proceeding with connecting it to Jabber. radiusclient builds like nothing I've seen before. I didn't let it install itself, but instead copied the shared libraries it built from lib/.libs to where I wanted. Same for the one include file it needs. Building: I can build open source projects, but am not a guru at writing the build systems, so what I did may not be optimal. After placing mod_auth_radius.c in jsm/modules, I added mod_auth_radius.o to the list of jsm_modules_OBJECTS. I also added a "-I" pointing to the location of the include files for radiusclient to the CFLAGS line. I also appended " -lradiusclient" to LIBS and set LDFLAGS to "-L/location/of/radiusclient/shared/libraries" in platform-settings. Then I just ran make as usual. Configuration: I made the following changes to jabber.xml The radius module needs to tell the radiusclient where to find its config. Add a section like: /etc/radiusclient/radiusclient.conf to the jsm section. In the jsm load section, I commented out mod_auth_plain, mod_auth_digest, mod_auth_0k, and mod_register (mod_auth_radius handles registration for users with valid radius accounts). I added mod_auth_radius following the commented auth modules, and moved mod_last to follow mod_auth_radius. This was done to keep .xml files from being created for bad registration attempts. This may not be a "correct" thing to do. Running: The only different requirement to start the jabber server is that the LD_LIBRARY_PATH must contain the radiusclient shared library. Problems: None known, but I don't know if I fully exercised the code surrounding the user updating their server information. Also, having not written C in 10 years, I'm not positive I haven't introduced any memory leaks. I don't think I have, I've followed examples from existing modules, but someone may want to take a closer look. Author: Michael Carland (mcarland@nvs.com) I haven't written C since college. I've spent my career doing network/system administration followed by Java developement. I hope by tying jabber into our existing authentication mechanism, and pointing out some additional features of Jabber, I can convince my coworkers to agree on Jabber as our IM of choice, since we are now scattered across various IM systems. Thanks: Thanks to everyone who has contributed to Jabber and made it something that we all can enjoy! Also thanks to temas, who pointed me in the right direction when I was close, but stuck, on this project. Also thanks to writers of the mod_auth_plain and mod_register modules, whose code was heavily borrowed.