This plugin has two main features:<\/p>\n
This plugin is still in experimental state but is usable.<\/p>\n
The authentication part is something like openID, except that it uses your
\nexisting IM address: you ask for authentication on a website, and it pops-up a
\nconfirmation via IM (that you can accept, or refuse).<\/p>\n
Considering that the IM protocol (XMPP) is very secure, It adds an additional layer to protect against Spam by verifying an Many reasons to use such a plugin for login:<\/p>\n This section contains the connection parameters of the account which will be By default xmpp-auth can use SRV records which is a recommended way to This is an advanced section in case your server does not use SRV AND uses a server Hence there will be very very few cases where you will have to fill this The default values will be used if the fields are empty and no SRV is configured on Features I am considering:<\/p>\n Full Secure XML Stream with:<\/p>\n
\nall the infrastructure to securely exchange an authentication request is
\nthere. No need to make any new account, no need a special client, nor a
\nidentity third party provider, and that\u2019s really instantaneous (as instant<\/em>
\nmessaging) and more secure than HTTP or SMTP protocols.<\/p>\nSpam Protection<\/h4>\n
\nidentity using a very secure and modern protocol (XMPP), which also is instant,
\nhence much more reliable in any way than email for instance.<\/p>\nSecure and Easy Login<\/h4>\n
\n
\nyour profile, on a per-user choice);<\/li>\n
\nonly your IM account to be a minimum securized. Or better, you run an IM
\nclient on your smartphone (or a similar tool), so you would receive the query
\non this personal item while never typing any kind of password on the insecure
\nplatform where you log.<\/li>\nConfiguration<\/h3>\n
Publishing Account<\/h4>\n
\nused as a wordpress bot. I would personnaly advice to create a dedicated account
\njust for it (you may also use your personal account of course, as the plugin\u2019s
\nbot will create a resource identifier unique for every connection) and to
\nconfigure it to refuse any contact and communication (as noone will have to
\nadd it to one\u2019s roster, except you maybe for test or debugging purpose?).
\nThe fields are:<\/p>\n\n
Advanced Connection Parameters<\/h4>\n
\nadvertize server and port from a domain name (see for instance
\nhttp:\/\/dns.vanrein.org\/srv\/ for details).<\/p>\n
\nwhich is not the same as the domain from the jid or a port different from the
\ndefault one (5222).<\/p>\n
\nsection and if you don\u2019t understand all what I say here, just don\u2019t fill
\nanything there (if you fill even only one field, then it will be used instead
\nof SRV and default values).<\/p>\n
\nthe Jabber server:<\/p>\n\n
TODO<\/h3>\n
\n
\nparticular, I should at least cache DNS lookups now.<\/li>\n
\nadequate);<\/li>\n
\naddress, obviously only for administrators);<\/li>\n
\ninstead of email.<\/li>\n<\/ul>\nXMPP Features<\/h3>\n
\n
\nauthentication);<\/li>\nContacts<\/h3>\n