Previous Next

Ignite Realtime Blog

Currently Being Moderated
Daniel Henninger

Big Brother In 3.5.0

Posted by Daniel Henninger on Feb 27, 2008 3:55:11 PM

In Openfire 3.5.0, we have added two new features to address security concerns!  One of these features is security auditing.  We've had packet auditing in Openfire for quite some time now, but that only addresses communication amongst users of your Openfire server.  What the security auditing functionality provides is logging of administrative activities performed via the Admin Console.  Any action you perform that changes the server's configuration, adds, removes, or edits users and groups, or any number of things, will be logged into the security auditor database.  On top of that, we've implemented this via provider functionality just like the user providers.  What this means is that if you have a custom place you'd like to be logging audit events, or perhaps wanted to write some sort of sms event triggering implementation, you can do that and plug it into the existing infrastructure.

 

Beyond the security auditing, we have implemented the ability to lock out (disable) accounts.  By default, you can lock out accounts for certain periods of time, use delayed starts, or lock them out until manually unlocked.  You will find the option to lock out a user while viewing their account in the admin console.  Just like with the security auditor, the implementation uses a provider, so that you can implement whatever source you might have for disabled accounts.

 

The APIs should be pretty flexible and enable developers to build whatever solutions they might need around these two concepts!  I will be posting some more details in the Openfire Dev forum in the near future to go over some of the details and other API improvements.  We hope that you will enjoy the new functionality when 3.5.0 is released!

4,501 Views Tags: planetjabber, openfire


Comments (9)
Feb 28, 2008 10:52 AM wroot wroot    says:

What this "locking feature" will do? Will it just forbid logging in? Would be great to automatically hide locked accounts from shared groups. And they should be again visible when unlocking them. Right now i'm deleting such users from shared groups.
Feb 28, 2008 10:55 AM Daniel Henninger Daniel Henninger    says in response to wroot:

It forbids logging in.  Personally I wouldn't want locked out people to be hidden from shared groups.  I'd still like to know they're in a group, and even be able to IM them.  I haven't heard anyone else ask for this functionality so I elected not to work it in.  Given my belief that not many would want that capability, I bet it could be accomplished with a simple plugin that used the lockout manager's database and compared roster loads and pulled things out of the roster as needed.
Feb 28, 2008 11:52 AM jeffk jeffk    says:

Will this work for systems using AD and LDAP? If so, that will be a nice addition.
Feb 28, 2008 12:00 PM Daniel Henninger Daniel Henninger    says in response to jeffk:

Sure will!  It works independently of the user provider.  Also part of my logic behind building a provider structure for it was in case there's a field in active directory that folk might want to use for locking people out, we could actually offer that.
Feb 28, 2008 12:08 PM jeffk jeffk    says in response to Daniel Henninger:

Well 3.5 is looking great with this and invisibility. Looking forward to it.
Mar 4, 2008 12:31 AM Gunjan kumar    says in response to jeffk:

Hi everyone,

It looks great but what about the multiple accounts adding thing (adding more than one yahoo/msn/gtalk accounts for a openfire user.

 

Gunjan
Mar 4, 2008 5:20 AM Daniel Henninger Daniel Henninger    says in response to Gunjan kumar:

That's an IM Gateway plugin issue (not Openfire), and that functionality is something that's far more complicated than it may seem.  =)  So I don't have a timeframe on it as of yet.
Mar 11, 2008 1:48 PM Marko Marko    says:

Will there be an easier way to log and monitor conversations in OpenFire 3.50?  I have been unsuccessful with finding the right plug-in to use with OpenFire 3.4x.  Any information on this would be MOST helpful!!
Mar 11, 2008 2:28 PM Daniel Henninger Daniel Henninger    says in response to Marko:

Openfire provides a packet auditing function out of the box.  The Enterprise plugin logs and monitors conversations as well as the Open Archive plugin, which can be found in the igniterealtime.org Community section.  That's all that I'm aware of at present.

Actions

Bookmarked By (0)

Popular Blog Posts