

CSAIL now has a private Jabber server. Jabber is also known as XMPP, the eXtensible Messaging and Presence Protocol. The server allows participating Lab members to send text messages to each other, and also supports "multi-user conference" (aka chat room) services. Appropriately-equipped clients, such as Apple's iChat AV, can use the server to start audio and video chat sessions as well. Because XMPP is an open, standard protocol, CSAIL's Jabber server interoperates with many other public XMPP servers, including Google Talk. In addition to stand-alone instant messaging applications, CSAIL's Jabber server also supports a Web-based client, JWChat.

Note that Jabber's security model is somewhat different from other IM services. In particular, in order to subscribe to another user's presence information, that user must authorize you to do so (or else configure her client to automatically authorize such requests). You need not subscribe to someone's presence status to add them to your contact list ("roster" in Jabber terminology), nor to send them a direct instant message. However, if you are not on that user's roster, their client may ignore messages you send to them.

Multi-user chat (conferences, chatrooms)

The Jabber server supports unlimited numbers of conference rooms. To create a conference, simply join it; the first person to join a conference is automatically its owner. More capable clients can configure the conference, including enabling and disabling logging of conference activity, setting a password, or making the conference private.

General discussion room

There is a conference named watercooler, which is set aside specifically for general discussion. This conference is logged at (CSAIL Certificates required).

Casual technical discussion

The conference system-hackers is for off-the-cuff technical questions and answers. Mini-howtos, one-line questions, or assistance with issues outside TIG's support area, are all on-topic. Logged at (Its purpose has expanded since the original announcement.)

Web server for logs

If logs are enabled for a conference, they can be viewed at By default, the logs are completely public; ask help@csail if you would like to have them certificate-protected. (No other forms of access control are supported.)

Administering the Jabber server

There are two (slightly overlapping) aspects to configuring the Jabber server. There's a config file /etc/ejabberd/ejabberd.cfg which we administer by editing fai_config/trunk/files/etc/ejabberd/ in Subversion; there's a postinst script that merges some secrets into that to generate the actual config.

There's also a web configuration interface at You log in (if you're in the admin ACL) with your Jabber ID (including and your Jabber password.

The information in the config file is used at startup. Information in the Jabber database administered by the web UI is used on an ongoing basis. Some stuff is set one place, some is set someplace else. And at boot time, the things mentioned in the override_* directives will overwrite corresponding options in the database, so some changes made in the web UI will not persist across reboots.
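The restart behaviour described above can be checked before a restart happens. The following Python sketch is an added example, not part of the CSAIL configuration or of ejabberd: it parses old-style ejabberd.cfg terms and reports which database ACL members are missing from the file and would be dropped when override_acls is in effect. The sample config, the example.org JIDs and the function names are constructed for illustration, and the database member list is assumed to be copied by hand from the web UI.

```python
import re

# Matches old-style ejabberd.cfg terms such as:
#   {acl, admin, {user, "alice", "example.org"}}.
ACL_USER = re.compile(
    r'\{\s*acl\s*,\s*(\w+)\s*,\s*\{\s*user\s*,\s*"([^"]+)"\s*,'
    r'\s*"([^"]+)"\s*\}\s*\}\s*\.')
OVERRIDE = re.compile(r'^\s*(override_\w+)\s*\.', re.MULTILINE)


def strip_comments(text):
    """Drop Erlang '%' comments so commented-out terms are not counted.
    (Simplification: assumes no '%' inside quoted strings.)"""
    return "\n".join(line.split("%", 1)[0] for line in text.splitlines())


def parse_cfg(text):
    """Return (override directives present, {acl name: set of JIDs})."""
    body = strip_comments(text)
    overrides = set(OVERRIDE.findall(body))
    acls = {}
    for name, user, host in ACL_USER.findall(body):
        acls.setdefault(name, set()).add(f"{user}@{host}")
    return overrides, acls


def lost_on_restart(cfg_text, db_members, acl="admin"):
    """JIDs in the database ACL that the next restart will remove."""
    overrides, acls = parse_cfg(cfg_text)
    if "override_acls" not in overrides:
        return set()  # file ACLs are added to the database ones, none dropped
    return set(db_members) - acls.get(acl, set())


# Constructed sample config and database state (not the CSAIL files).
SAMPLE_CFG = '''
override_global.
override_local.
override_acls.
{acl, admin, {user, "alice", "example.org"}}.
% {acl, admin, {user, "old", "example.org"}}.
{access, configure, [{allow, admin}]}.
'''
SAMPLE_DB_ADMINS = ["alice@example.org", "bob@example.org"]

if __name__ == "__main__":
    print(sorted(lost_on_restart(SAMPLE_CFG, SAMPLE_DB_ADMINS)))
```

Any JID the function returns has to be added to the config file in Subversion, or it disappears from the ACL at the next restart.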

More from Jabber chat:
(2012-08-16 13:31:03) wollman: there is a Web interface for administering the Jabber server at
(2012-08-16 13:31:20) wollman: you can use your jid and regular jabber password to log in if you are in the admin group. wollman wollman-home wollman-phone
(2012-08-16 13:32:23) jsekora: wollman: Oh, cool; I had no idea about that.
(2012-08-16 13:33:04) wollman: that's the easiest place to change ACLs and the only place to update shared roster groups AFAIK
(2012-08-16 13:33:12) jsekora: Although presumably config changes made there (at least to some things) will get overwritten by cfengine, right?
(2012-08-16 13:33:19) wollman: nope
(2012-08-16 13:33:49) wollman: ejabberd only reads the text config file when it starts, and some things (like shared roster groups) are only stored in the database
(2012-08-16 13:33:58) jsekora: Hmmm, ejabberd.cfg lists who the admin users are, but the web UI seems also to let you add and remove admin users.
(2012-08-16 13:34:20) wollman: see the first two statements in the config file
(2012-08-16 13:34:39) wollman: make that the first three
(2012-08-16 13:35:18) wollman: many sites only use the config file for bootstrapping and never touch it once the right information is in the database
(2012-08-16 13:36:22) jsekora: Looks like when ejabberd is restarted Steve (jahl) will be taken out of the admin group then, right? Or does "override" mean the other way around?
(2012-08-16 13:36:46) wollman: right, so someone still needs to add him to the config file.
(2012-08-16 13:36:59) jsekora: OK, I'll do that.

Connecting to the Jabber server

(For specific instructions and recommended clients, see the next section.)

When on the CSAIL server, you are identified using your CSAIL email address ( In Jabber terminology, this is called a "Jabber ID" or "JID", and is all the information another user (whether at CSAIL or elsewhere) needs in order to contact you. You authenticate to the server using your CSAIL IMAP (email) password. If you do not use the CSAIL IMAP server, you should contact help@csail for assistance. (IMAP passwords are synchronized to the Jabber server once a day.)

Clients vary in how they handle the details of the connection. Some clients need only your Jabber ID and will figure out all the other details automatically. Some of the things you will need to specify, if you are not using one of the clients described below:

  • All sessions must be encrypted. Newer clients will use TLS (Transport Layer Security) on port 5222. Older clients will need to use SSL on port 5223. Most clients will choose the correct port automatically, but may need to be told to use encryption.
  • "Plaintext" passwords must be enabled.
  • Some clients cannot automatically determine the Jabber server to use; for these clients, you will have to explicitly specify (which is usually hidden away in an "Advanced" dialog).
  • Some clients cannot automatically determine the name of the Multi-User Conference (MUC or chatroom) service. If asked for a service name, use; if asked directly for the name of a chatroom, use
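
The first two requirements interact: the password travels as SASL PLAIN, which is only base64-encoded, so it must not be sent until the session is encrypted. The following Python sketch is an added example (not code from any of the clients listed here); it decides the next client step from a server's stream features and builds the PLAIN stanza, using constructed feature stanzas and hypothetical function names.

```python
import base64
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"


def next_step(features_xml, tls_active):
    """Decide what a client may send after a <stream:features/> element.

    tls_active is False on port 5222 before STARTTLS completes and True
    afterwards; on the legacy SSL port 5223 it is True from the first byte.
    """
    features = ET.fromstring(features_xml)
    if not tls_active:
        # No credentials before encryption, whatever mechanisms are listed.
        if features.find(f"{{{NS_TLS}}}starttls") is not None:
            return "starttls"
        return "abort"
    mechs = {m.text for m in features.iter(f"{{{NS_SASL}}}mechanism")}
    return "auth-plain" if "PLAIN" in mechs else "abort"


def plain_auth(username, password):
    """SASL PLAIN stanza: base64 of NUL + authcid + NUL + password."""
    raw = b"\0" + username.encode() + b"\0" + password.encode()
    return (f'<auth xmlns="{NS_SASL}" mechanism="PLAIN">'
            f'{base64.b64encode(raw).decode()}</auth>')


# Constructed stream features, as a server might send them.
PRE_TLS = ('<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
           f'<starttls xmlns="{NS_TLS}"><required/></starttls>'
           f'<mechanisms xmlns="{NS_SASL}"><mechanism>PLAIN</mechanism>'
           '</mechanisms></stream:features>')
POST_TLS = ('<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
            f'<mechanisms xmlns="{NS_SASL}"><mechanism>PLAIN</mechanism>'
            '</mechanisms></stream:features>')

if __name__ == "__main__":
    print(next_step(PRE_TLS, tls_active=False))
    print(next_step(POST_TLS, tls_active=True))
    print(plain_auth("joe", "constructed-password"))
```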

Recommended clients

If you have no reason to prefer another client, we recommend that Mac OS users use iChat AV (which comes with Mac OS), Windows users use Spark, and CSAIL Debian users use Psi or Kopete. You can also use the browser-based client JWChat.

We have tested the following clients and found them to operate successfully with our server:
  • Cross-platform: Pidgin, Psi
  • Mac OS X: iChat AV, Adium
  • Unix/Linux:
    • Gnome: Gossip
    • KDE: Kopete (the official KDE instant-messaging client)
    • Desktop-agnostic: Gajim (written in Python)
  • Windows: Pandion, Spark (actually a cross-platform client but we have only tested it under Windows)
  • Special-purpose: Coccinella, a shared whiteboard system, written in Tcl/Tk

Instructions for specific clients


JWChat

Point your browser at Enter your username (not your JID—our JWChat installation is configured for CSAIL users only) and Jabber/IMAP password, and click "Login".


Adium

  1. Download Adium from and install/drag to Applications.
  2. From the Setup Wizard, enter:
    • "Account type:" XMPP
    • "Username:" (your CSAIL username)
    • "Domain:"
    • "Password:" (your CSAIL IMAP password)
  3. Click OK.
    • If you see "Adium can't verify the identity of jabber", click Accept.


iChat

The following instructions assume that you are using iChat for the first time.

  1. Open the iChat application (on a fresh Mac OS installation it will be in your dock already). At the first screen, click "Continue".
  2. At the Account Setup screen...
    • "Account Type:" Jabber Account
    • "Account Name:" (your CSAIL email address)
    • "Password:" (your CSAIL IMAP password)
    • "Server Options" -- click the disclosure triangle...
      • "Server:"
      • "Use SSL:" YES
  3. Click "Continue", then "Done".
    • If you see "iChat can't verify the identity of jabber", hit "Cancel" and quit iChat, then install the CSAIL Master CA in Safari/Keychain as per CertificateSafariKeychainDeprecated before trying again.

To add a new contact ("buddy") to your roster ("buddy list"), click on the "+" button in the main iChat window. To join a conference, select "Go to Chat..." from the File menu, and enter the full Jabber ID of the conference room (e.g.,


Pidgin

  1. Get to the Add Account screen (click the Add button, or if there isn't one, go to Accounts/Add-Edit)
  2. Choose "Protocol": XMPP
  3. Split your CSAIL email address into "Screen name" and "Domain." (e.g., will enter Screen name: joe and Domain:
  4. Enter your CSAIL IMAP password in "Password" and put a check mark next to "Remember password"
  5. Click "Save."

You should now be connected. To add a new contact ("buddy") to your roster, go to Buddies/Add Buddy, and enter their localpart (i.e., joe) under "Screen Name". To join a conference, go to Tools/Room List, and click "Get List" followed by "Find Rooms." Select the room you want, then click "Join."


Spark

Spark is very easy to configure. When it starts up for the first time, it will prompt you for the information it requires:

  1. Under "Username", enter your CSAIL username (not the full Jabber ID).
  2. Under "Password", enter your CSAIL IMAP password.
  3. Under "Server", enter
  4. Click "Login".

That's it. To add a new contact to your roster, from the menu select "Contacts" => "Add Contact", and type in the contact's Jabber ID (e.g., their CSAIL email address). To join a conference, select the "Conferences" tab, then click on the icon that looks like two small balloons (the tooltip reads "Join a Conference Room"). Spark will show you a list of public conferences, and you can bookmark conferences you join frequently. To join a conference, simply double click on it. To start a private conference, select "Actions" => "Start a Conference" and enter the Jabber IDs of the users you wish to invite to the conference. (Under "Room" you can change the name of the conference to something more meaningful; by default it's your name with a random string appended.)


Pandion

Configuration for Pandion is very similar to Spark. When it starts up for the first time, it will prompt you for the information it requires:

  1. Under "Address", enter your Jabber ID (i.e., your CSAIL email address).
  2. Under "Password", enter your CSAIL IMAP password.
  3. Click "Log In".

To add a new contact to your roster, from the menu select "Actions" => "Add a Contact" and type in the contact's Jabber ID (e.g., their CSAIL email address). To join a conference room, select "Actions" => "Join a Conference Room" and select the room you want from the list provided.


Psi

Before starting Psi, you will need to get a copy of the CSAIL Master CA certificate. On CSAIL Debian you can find a copy in /etc/ssl/certs/csail-master.pem; otherwise download it using the link above.

When you first start it, it will open the "Add Account" dialog:
  1. Click "Use existing account" (the CSAIL server doesn't support Jabber registration).
  2. The "Account Properties" dialog will open. In the "Account" tab, under "Jabber ID" enter your CSAIL email address. You can enter your CSAIL IMAP password under "Password" if you want to save it on disk.
  3. Click "Save".
  4. A "Server Authentication" alert will pop up. Select "Continue" for now. Psi's main window should open.
  5. Using the menu button at bottom left, quit Psi.
  6. Find Psi's settings directory; in Unix, this will be ~/.psi; in Windows, it's usually C:\Documents and Settings\YOURUSERNAME\PsiData.
  7. Create a subdirectory called certs if one does not already exist.
  8. Copy the CSAIL Master CA certificate to the certs directory.
  9. Now restart Psi. It will pop up an alert saying "The hostname does not match the one the certificate was issued to"; click "Continue". (This alert is the result of a bug in the Jabber specification.)

To add a contact, select "Add a contact" from the menu at the bottom left of the Psi window (which is labeled with the Greek letter Psi), and enter their Jabber ID in the dialog where it is requested. To join a conference room, select "Join Groupchat" from the same menu, and enter under "Host", the name of the room (e.g., watercooler) under "Room", and the name you wish to be identified as when in the room (usually just your username) under "Nickname".
Topic revision: 16 Aug 2013, FrankZhou
