Cooking with Linux - Cross at Your Platform?
Without a doubt, I am impressed by your dedication to open standards of communication, François, but this is a little crazy—not that crazy is beyond you, mon ami, but you are on the verge of out-doing yourself. Smoke signals? In the restaurant? Yes, I realize it's an ancient form of communication suitable for short messages, and I am willing to let you try many things for the sake of open source and open standards, but I must say no to fires in the restaurant—unless you are making crème brûlée, of course. Besides, smoke signals require line of sight for meaningful communication. Even if I could allow it, it just won't work in the restaurant.
Quoi? What about your instant-messaging service? You promised your cousins you'd set up something? No problem, François, I've got something on tonight's menu that will do the job nicely. Now, please clean up this mess quickly. Our guests will be here momentarily. Hurry! I see them approaching now.
Welcome, mes amis, to Chez Marcel. Forgive the mess. My faithful waiter is taking care of it. In the meantime, please find your tables, sit down, and make yourselves comfortable. François, as soon as you are done, please go down to the wine cellar and bring back tonight's wine. We have a case of 2007 Jean-Max Roger Sancerre Cuvée les Caillottes Sauvignon Blanc from the Loire Valley in the south wing. This is a great medium-bodied white, mes amis, crisp with great citrus flavor. Enjoy!
François and I were discussing open instant messaging when you arrived. If widespread acceptance of a technology by businesses large and small constitutes a serious technology, then instant messaging is all grown up now. Although great for casual, always-on conversation, instant messaging, or IM for short, has moved firmly into the corporate network infrastructure. IM allows you to remain in contact with your fellow workers, team members and so on by carrying on short, ongoing conversations. And, it's good for family and friends as well.
Here at Chez Marcel, we believe strongly in open source and open protocols, and that philosophy also extends to instant messaging. If you've used any kind of instant messaging, you know there are many providers and many protocols—all of them using proprietary standards. There is, however, a real industry standard known as XMPP (extensible messaging and presence protocol). It's more commonly known as Jabber, and it's used by many companies and organizations. (Jabber/XMPP is the protocol used by Google Talk.)
From a business standpoint, Jabber should be your clear IM choice. Because Jabber is an open protocol, it doesn't belong to anyone in particular, so there is no single company driving its destiny. Your business won't get locked down by proprietary formats. Jabber also uses a decentralized approach, so the system is more robust. Best of all, any company can run its own private, secure, standards-compliant, Jabber instant-messaging server for little or no cost for the software. One of my favorite Jabber servers comes from a company called Jive Software. It's called Openfire, and it's completely open and released under the GPL.
Getting an Openfire Jabber server up and running starts with a visit to the Jive Software's Ignite Realtime community site at www.igniterealtime.org. Click on Products, then select the Openfire Jabber collaboration server link (at the time of this writing, the version number is 3.6.4). Jive and Ignite Realtime have many products listed on the site, and all of them are meant to enable collaboration and communication, but I concentrate only on Openfire here. The package comes in an RPM format package as well as DEB. There's also a tarred and gzipped bundle that should work in environments where RPM or DEB might be an issue. Installing either version of the package is easy. To install the RPM package, type the following:
sudo rpm -i openfire_3.6.4-1.i386.rpm
If you choose to use the Debian package, you can install it with:
sudo dpkg -i openfire_3.6.4_all.deb
If you need to use the tarred bundle, extract it in the /opt directory. This is the installation folder for the RPM package as well. Openfire files and programs wind up under /opt/Openfire. One plus of the RPM package is that it comes with the Java Runtime Environment (JRE). If you choose (or need to use) the tarred bundle, you also need version 1.6 Java RE loaded on your system. Java is, of course, available from java.sun.com. Debian (or Ubuntu) users also need an installed Java JRE. In addition, that whole thing about everything in /opt doesn't apply to Debian users.
The installation process takes only a few seconds on modern systems. You'll see a little message that says, “Setting up Openfire” followed by a couple more messages advising you that a new user is being added (named Openfire) and that the server is starting. And, that's pretty much it. The final part of the installation, which involves configuring the server, takes place using your Web browser. The server takes only a few seconds to initialize, and the installer automatically starts the server. Of course, if this is a new install, there are a few more steps, and those are done via your Web browser. The Openfire server administrative interface runs on port 9090, so point your browser to the following address: http://localhost:9090.
A short question-and-answer setup session follows. You are asked for your preferred language—choices include French, English, German, Spanish and six others. Click Continue, and enter the server's fully qualified domain name and the port on which it operates. The 9090 port is the default, along with port 9091 for secure connections to the server. Unless you have a good reason, it probably makes sense to accept those defaults.
The next screen is the database selection screen (Figure 1). Openfire supports several database architectures, including PostgreSQL, MySQL, Oracle and others. Each of those requires some external setup, but the documentation covers that well. If your needs are modest, select the embedded HSQLDB database included with Openfire.
For many, the built-in database will suffice and serve modest requirements well. In a larger office environment, or if you expect to have many users, you should use one of the other database options (Figure 2). Read each line carefully, because you need to enter the database name, user name and password to continue.
Next, choose where to store your user profiles. You can select the Openfire database (the easiest choice), an existing directory server (such as an LDAP server) or Jive's Clearspace social business software. Click Continue, and it's time to set up the admin account (cleverly called admin). Provide an e-mail address for the admin user and a password, and click Continue. Congratulations! You have a running Openfire XMPP (or Jabber) server. This is the last time you will see the setup screen. From now on, when you click on the Web server address, you'll be at the Admin login screen. To go there now, click the Login to the admin console button on the page.
A quick note on procedure: if you just go ahead and click that button, you may find that you can't log in immediately via the admin console. Here's a tip. Before doing anything else, reload Openfire's configuration by typing /etc/init.d/Openfire restart.
At this point, you don't actually have to do anything else. Using your Jabber client of choice, you can create an account and start using the server. For instance, with Pidgin, the GNOME multiprotocol instant-messaging client, you could click Accounts to bring up the Manage Accounts dialog, and click the Add button. This brings up the Add Account window (Figure 3). From there, select XMPP from the Protocol list, choose a user name, then enter your server's domain name and select a password. Now, look at the bottom of the window shown in Figure 3. There's a check box labeled Create this new account on the server. Be sure to check that box.
When you click the Add button, another window appears, and this one asks you to validate the SSL certificate from the Openfire server. Click Accept, and another window appears to confirm your registration. Enter your authentication information (user name, password and e-mail address), then click OK. The server finishes your registration, and you'll get a successful registration box. Click OK, and that's it. You'll be back at the account listing screen at this point, but not logged in, so click the enabled button, and you should be ready to start building your buddy list (Figure 4).
Over in KDE-land, we have the Kopete multiprotocol instant-messaging client. The registration process is similar. From the main Kopete window, click Settings, then Configure. From the configuration window, select Accounts from the left-hand sidebar, then click Add Account on the right. You'll see a window asking you to choose from one of many instant-messaging protocols. In this case, select Jabber, then click Next. This takes you to step two, the account information window from which you can register your new account. There are four tabs here, but you need to concern yourself only with the Basic Setup at this time. Enter a Jabber ID in the format of email@example.com, click the Remember Password check box (assuming you don't want to enter it each time you log in), and enter a password. Now, click the Register New Account button. A Register New Jabber Account dialog appears (Figure 5).
Everything here should be filled in properly. Confirm the password, then click Register. Back at the Account Information window, click Next, and then click Finish to wrap it up. You should be logged in to your new Jabber/XMPP account automatically and ready to chat. You aren't limited to chatting with users only on this server. You can chat with any other person using Jabber IM, including people using Google Talk. Some enterprise applications even are including Jabber servers and chat clients into their software.
By default, access is open and anyone may register. If you are running a private, corporate server, this may not be what you want to do. Securing access is done through Openfire's administrative Web interface, which provides an easy way to administer all of Openfire's functions.
Administrative tasks are organized behind a system of tabs, with functions organized into major categories. Those tabs then can be broken up into subtabs. For instance, to add users manually, click the Users/Groups tab, then select Create New User from the menu, and enter the information directly into the Web form (Figure 6). You can add, modify or delete users, organize them into groups and more. The User Summary screen makes it easy to check your users' on-line status, whether they are logged on and when they last logged out.
I started out by telling you that any and all users were allowed to register an account by default, and that's all well and good, but it may not be what you want. To control access to certain IP addresses (a local area network, for instance) or whether public registration even is allowed, click the Server tab and select the Server Settings subtab. Next, choose Registration & Login from the menu on the left. This page lets you configure the rules that govern user registration (Figure 7).
What seems so simple to your instant-messaging users actually is a fairly complex and exceedingly powerful collaboration server. The administrator has extensive control over Openfire's operation, from server-to-server communications, message audit policies, the treatment of messages sent to off-line users (stored, by default), private data storage, file transfers, security settings (this includes encrypted communications) and a lot more. Openfire also is extensible with added functionality provided through a system of plugins (Figure 8).
The cool thing about plugins is that you can install them on the fly on the running server. There's Asterisk VoIP integration, various filters, e-mail listeners (to alert users when new messages arrive), a live Web-based chat response system (as on customer support sites), content filters, a SIP phone plugin, monitoring extensions and lots more. To install other plugins, click the Available Plugins link to see what's available. Each plugin is listed with a description of its function, so you can decide whether it's something you need. Adding plugins also changes the administrative interface by adding new tabs—you aren't going crazy, the interface really is changing before your eyes.
Then, there are chat rooms. We all love group chats, or conferencing, if you prefer. Permanent chat rooms can be created where users can gather for general meetings or predefined functions. Rooms can be customized to define the maximum number of users, password protection, public vs. private, what users can do in the room, whether the room is moderated, amount of chat history and more (Figure 9).
You can define administrators according to their Jabber IDs, specify who can create new chat rooms, room owners, members and outcasts.
Remember, mes amis, free and open protocols, open standards and open source are the reasons why you should consider Jabber for your instant-messaging needs. Furthermore, with a cool, open-source product like Openfire, your company or organization's server practically is begging for you to give up that proprietary instant-messaging nonsense and move to Jabber/XMPP. Open standards and open protocols mean you aren't locked in to this or any Jabber implementation. It also means your data and your messages always will be yours, and that makes great business sense. Heck, it makes great sense, period.
Well, mes amis, that clock is busy reminding us that closing time is once again here. Now that you've got access to a great instant-messaging system, we can keep in touch long after we leave each other tonight. But, let's not rush our departure quite yet. There is still more wine, and I know that my faithful waiter, François, would love nothing more than to refill everyone's glass a final time before we say goodbye. Until next time, please, mes amis, raise your glasses and let us all drink to one another's health. A votre santé! Bon appétit!
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Varnish Software's Hitch
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide