processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Restrict S2S when user is authenticated using SASL ANONYMOUS #1966

Closed edhelas closed 2 years ago

edhelas commented 7 years ago

SASL ANONYMOUS is not used most of the time because it can create a lot of spammy accounts.

Restricting or forbidding S2S to those accounts could limit that and justify the use of ANONYMOUS for specific use cases (for example only to login to local chatrooms).

mremond commented 7 years ago

👍

zinid commented 7 years ago

While it sounds fine, the problem is that we probably need to restrict anonymous users in a lot of places: MAM, vCards, roster come to my mind, maybe more. So, probably, we need a more generic mechanism to make such restrictions in different places. One possible approach is to create a virtual host for anonymous logins and use respective ACL rules within modules/subsystems.

zinid commented 7 years ago

Or, if maintaining a separate virtual host is a burden, we can use a unique prefix for anonymous logins and use a user_regexp rule for ACL.
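The virtual-host approach from the two comments above, written out as an ejabberd configuration fragment. This is an added illustration, not configuration from the issue or from the ejabberd project: the host names `example.org` and `anon.example.org`, the ACL name `anonymous_users` and the access rule name `no_federation` are placeholders. It relies on the documented behaviour that `auth_method`, `s2s_access` and the `modules` list can be set per virtual host in `host_config`, and that `s2s_access` is consulted for server-to-server connections involving that host; the `user_regexp` variant is shown commented out because it only works once anonymous usernames actually carry a fixed prefix, which is what the second comment proposes rather than something the server does today.

```yaml
# Regular users live on the main host; anonymous logins are confined
# to a dedicated virtual host so that every ACL and module option can
# tell them apart by their domain part alone.
hosts:
  - example.org          # placeholder: normal, password-authenticated users
  - anon.example.org     # placeholder: SASL ANONYMOUS users only

acl:
  # Matches any JID whose server part is the anonymous vhost.
  anonymous_users:
    server: anon.example.org
  # Alternative without a second vhost (second comment): only valid if
  # anonymous accounts are generated with a known prefix, which today
  # they are not, so this stays commented out.
  # anonymous_users:
  #   user_regexp: "^anon-"

access_rules:
  # Deny-everything rule used to switch federation off for a host.
  no_federation:
    - deny: all
  # Roster changes allowed for everyone except anonymous users.
  roster_access:
    - deny: anonymous_users
    - allow: all

host_config:
  anon.example.org:
    # Anonymous-only authentication for this vhost.
    auth_method: anonymous
    anonymous_protocol: sasl_anon
    # No remote server may federate with this vhost, so anonymous
    # sessions cannot send to or receive from other XMPP domains.
    s2s_access: no_federation
    # Load only what a local-chatroom use case needs: no MAM, no vCard,
    # and a roster module whose write access is denied by the ACL above.
    modules:
      mod_roster:
        access: roster_access
      mod_muc: {}
      mod_disco: {}
      mod_ping: {}

  example.org:
    auth_method: sql
    s2s_access: all
```

Whether denying `s2s_access` per host is sufficient depends on the ejabberd version's s2s code path; the main point of the fragment is that once anonymous users have a domain of their own, the existing `server`-based ACL covers roster, vCard, MAM and federation in one place, which is exactly the generality the first comment asks for.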

prefiks commented 7 years ago

I will expand our ACL rules with an is_anonymous (or something better sounding) flag. With this, I think it should be possible to do it.

Neustradamus commented 3 years ago

@prefiks: I am not sure that you have done it, what is the current status?