You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I find that external authentication that is implemented in ejabberd is rather inefficient, inflexible. The reason is
The number of CGI processes (authentication script) is fixed when ejabberd starts. It can not be extended if the traffic is higher than planned
ejabberd distributes authentication requests across CGI processes in a round robin manner without concerning if the CGI process is busy or not. External authentication script is implemented in blocking mode, that accepts a single request at a time, making it less scalable. No such thing like backlog queue.
External authentication script locates in the same machine as ejabberd. They must share system resource with each other. If ejabberd is overloaded, their CGI processes will be affected
Local external authentication script in a ejabberd box makes it harder to implement proper security model and deployment. External authentication script is written in a different language, requires different settings and access rules, libraries
I don't know if MongooseIM has implemented an alternative solution. E.x: do authentication via a webservice using a restful API call (isuser, auth)
PS: eJabberd's authentication engine is hard to debug
The text was updated successfully, but these errors were encountered:
Thanks for your input. MongooseIM has the same external auth mechanism as ejabberd unfortunately. This mechanism is used very rarely and it is not recommend to use it on production because of the reasons you've pointed out.
REST Auth sounds good and we do it already but always we integrate such authentication method with already existing customer's services.
Making it more generic maybe useful.
Hi,
I find that external authentication that is implemented in ejabberd is rather inefficient, inflexible. The reason is
I don't know if MongooseIM has implemented an alternative solution. E.x: do authentication via a webservice using a restful API call (isuser, auth)
PS: eJabberd's authentication engine is hard to debug
The text was updated successfully, but these errors were encountered: