>, you can choose which JUD will be the
recipient of the vCard updates by placing that one before any others in
the <TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
> list.

<A
NAME="JABTDG-CH-4-FOOTNOTE-11"
HREF="#FTN.JABTDG-CH-4-FOOTNOTE-11"
>[4]</A
>&#13;</P
><P
>If you're not running a JUD locally, or you simply don't want your users' vCard
updates going to a JUD, you can safely comment this tag out.</P
></DIV
><DIV
CLASS="SECT4"
><H4
CLASS="SECT4"
><A
NAME="JABTDG-CH-4-SECT-4.3.1.3.8"
>Browsable Service Information</A
></H4
><P
>As the Jabber server administrators, <I
CLASS="EMPHASIS"
>we</I
>
know what services are available on our Jabber server - what components
are connected and what features they offer. We know for example that
we're running a JUD locally, and have a <I
CLASS="EMPHASIS"
>Conferencing</I
>
component. </P
><P
>But how do we let the Jabber clients know? If they're to be able to provide
their users with an agreeable experience and expose them to all the server
features available, we need some way to allow them to request information
about what the server that they're connected to offers. Jabber has a 
powerful feature called 'browsing' which allows one entity to query another
entity for information. Browsing defines a simple request/response 
exchange and with that provides a singular and uniform way to retrieve
(on the requestors part) and expose (on the requestees part) feature
information and availability.</P
><P
>Bearing that in mind, we can guess what the 
<TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
>
section of the jsm custom configuration is for:</P
><P
><PRE
CLASS="SCREEN"
>&#60;browse&#62;
  &#60;service type="jud" jid="jud.yak" name="yak User Directory"&#62;
    &#60;ns&#62;jabber:iq:search&#60;/ns&#62;
    &#60;ns&#62;jabber:iq:register&#60;/ns&#62;
  &#60;/service&#62;
  &#60;conference type="public" jid="conference.yak" name="yak Conferencing"/&#62;
&#60;/browse&#62;</PRE
></P
><P
>Each child of the 
<TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
>
tag defines a feature - in this case a 'service' - that the Jabber server
offers. 
Of course, these services are the ones over and above the services provided
by the basic components such as 
<I
CLASS="EMPHASIS"
>Session Management</I
>, 
<I
CLASS="EMPHASIS"
>Hostname Resolution</I
> and so on.</P
><P
>So we have two services defined ('exposed') in the 
<TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
> configuration.</P
><P
>a local JUD:</P
><P
><PRE
CLASS="SCREEN"
>&#60;service type="jud" jid="jud.yak" name="yak User Directory"&#62;
  &#60;ns&#62;jabber:iq:search&#60;/ns&#62;
  &#60;ns&#62;jabber:iq:register&#60;/ns&#62;
&#60;/service&#62;</PRE
></P
><P
>and a conferencing service:</P
><P
><PRE
CLASS="SCREEN"
>&#60;conference type="public" jid="conference.yak" name="yak Conferencing"/&#62;</PRE
></P
><P
>The browsing features are covered in Part II, but briefly we can see
here that each browsable 'item' is identified by a JID (
<TT
CLASS="LITERAL"
>jid="jud.yak"</TT
> and
<TT
CLASS="LITERAL"
>jid="conference.yak"</TT
>) and is classified
using a category which is the combination of the item's outermost tag
and the value of the tag's type attribute. So the JUD is classified as
<TT
CLASS="LITERAL"
>service/jud</TT
> and has a JID of 
<TT
CLASS="LITERAL"
>jud.yak</TT
>, and the conferencing service
is classified as <TT
CLASS="LITERAL"
>conference/public</TT
>
and has a JID of <TT
CLASS="LITERAL"
>conference.yak</TT
>. 
The <TT
CLASS="OPTION"
>type=""</TT
> and <TT
CLASS="OPTION"
>jid=""</TT
> attributes are
required. Each item has an optional <TT
CLASS="OPTION"
>name=""</TT
> attribute for
use when the item is displayed, for example.</P
><P
>Some services offer well-known facilities such as search and registration,
which are commonly found across different services. These facilities 
can be described directly in the browse item, so that the entity requesting
information about services receives information directly in the first 
request 'hit' as to what facilities are available for each service:</P
><P
><PRE
CLASS="SCREEN"
>&#60;ns&#62;jabber:iq:search&#60;/ns&#62;
&#60;ns&#62;jabber:iq:register&#60;/ns&#62;</PRE
></P
><P
>The 'ns' in the facility tagname
(<TT
CLASS="LITERAL"
>&#60;ns/&#62;</TT
>) stands for namespace;
it is via namespace-qualified requests to a service that features are 
utilised. In this case, the 'search' facility is represented by the
<TT
CLASS="LITERAL"
>jabber:iq:search</TT
> namespace and the 
'registration' facility is represented by the
<TT
CLASS="LITERAL"
>jabber:iq:register</TT
>
namespace.</P
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="JABTDG-CH-4-SECT-4.3.1.4"
>Component Connection Method</A
></H3
><P
>Phew! Now that we've got the configuration out of the way, we can have
a look how the jsm is loaded. And we can see immediately from the 
<TT
CLASS="LITERAL"
>&#60;load/&#62;</TT
> tags that it's 
connected using the <I
CLASS="EMPHASIS"
>library load</I
> method. </P
><P
><PRE
CLASS="SCREEN"
>&#60;load main="jsm"&#62;
  &#60;jsm&#62;./jsm/jsm.so&#60;/jsm&#62;
  &#60;mod_echo&#62;./jsm/jsm.so&#60;/mod_echo&#62;
  &#60;mod_roster&#62;./jsm/jsm.so&#60;/mod_roster&#62;
  &#60;mod_time&#62;./jsm/jsm.so&#60;/mod_time&#62;
  &#60;mod_vcard&#62;./jsm/jsm.so&#60;/mod_vcard&#62;
  &#60;mod_last&#62;./jsm/jsm.so&#60;/mod_last&#62;
  &#60;mod_version&#62;./jsm/jsm.so&#60;/mod_version&#62;
  &#60;mod_announce&#62;./jsm/jsm.so&#60;/mod_announce&#62;
  &#60;mod_agents&#62;./jsm/jsm.so&#60;/mod_agents&#62;
  &#60;mod_browse&#62;./jsm/jsm.so&#60;/mod_browse&#62;
  &#60;mod_admin&#62;./jsm/jsm.so&#60;/mod_admin&#62;
  &#60;mod_filter&#62;./jsm/jsm.so&#60;/mod_filter&#62;
  &#60;mod_offline&#62;./jsm/jsm.so&#60;/mod_offline&#62;
  &#60;mod_presence&#62;./jsm/jsm.so&#60;/mod_presence&#62;
  &#60;mod_auth_plain&#62;./jsm/jsm.so&#60;/mod_auth_plain&#62;
  &#60;mod_auth_digest&#62;./jsm/jsm.so&#60;/mod_auth_digest&#62;
  &#60;mod_auth_0k&#62;./jsm/jsm.so&#60;/mod_auth_0k&#62;
  &#60;mod_log&#62;./jsm/jsm.so&#60;/mod_log&#62;
  &#60;mod_register&#62;./jsm/jsm.so&#60;/mod_register&#62;
  &#60;mod_xml&#62;./jsm/jsm.so&#60;/mod_xml&#62;
&#60;/load&#62;</PRE
></P
><P
>It's clear that the more complex version of the method is employed
here - as described in "Component Connection Methods" earlier in this
Chapter - the jsm module itself is loaded through the 
<TT
CLASS="LITERAL"
>&#60;jsm&#62;...&#60;/jsm&#62;</TT
> tag pair
and this in turn pulls in the other modules that are specified with
the <TT
CLASS="LITERAL"
>mod_*</TT
> module name tag pairs.</P
><P
>We've already become aquainted with some of the modules in this list; 
here's a quick summary of the ones that are being loaded here:</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><P
><B
>Modules loaded in jsm</B
></P
><DL
><DT
><TT
CLASS="FILENAME"
>mod_echo</TT
></DT
><DD
><P
>This module provides a simple echo service that echoes back whatever you
send it.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_roster</TT
></DT
><DD
><P
>This module provides roster management services; the roster is stored 
server-side.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_time</TT
></DT
><DD
><P
>You can request the server send you a timestamp local to the server - this
is the module that handles this request.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_vcard</TT
></DT
><DD
><P
>This is the module that handles requests for the Jabber server's vCard and
also the user vCard management (such as submission to a JUD on change, and
storing / retrieving the data from the server-side storage). </P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_last</TT
></DT
><DD
><P
>The <TT
CLASS="FILENAME"
>mod_last</TT
> provides facilities for returning 'last
logout' information for users, or in the case of a query on the server 
itself, server uptime.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_version</TT
></DT
><DD
><P
>This is the module that provides the version query service described
earlier in <A
HREF="x1740.htm#JABTDG-CH-4-SECT-4.3.1.3.6"
>the section called <I
>Update Info Request</I
></A
>.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_announce</TT
></DT
><DD
><P
>The server-wide announcements and MOTD facilities available to 
Jabber server administrators are provided by this module.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_agents</TT
></DT
><DD
><P
>The <TT
CLASS="FILENAME"
>mod_agents</TT
> module responds to
requests for 'agent' information made to the server. This is the module
that returns the information in the 
<TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
>
tag in the jsm configuration.
It can also return a summary of the server consisting of the server's
vCard and whether new user registrations are open.</P
><P
>When returning <TT
CLASS="LITERAL"
>&#60;browse/&#62;</TT
>
data, it gives
similar information to <TT
CLASS="FILENAME"
>mod_browse</TT
> (see the next
entry) and is provided for backwards compatibility. The agent information
is requested with two namespaces, <TT
CLASS="FILENAME"
>iq:agent</TT
> (for information
on the server) and <TT
CLASS="FILENAME"
>iq:agents</TT
> (for information on a 
list of 'agents' - the old name for 'services');
these namespaces are being 'retired' in deference to the
new <TT
CLASS="FILENAME"
>iq:browse</TT
> namespace.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_browse</TT
></DT
><DD
><P
>The <TT
CLASS="FILENAME"
>mod_browse</TT
> module responds to browsing requests made
on the server or on users defined on that server. The module can also be used
by users to modify the information returned if a browse request is made against
them.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_admin</TT
></DT
><DD
><P
>This module provides the administrative features described in 
<A
HREF="x1740.htm#JABTDG-CH-4-SECT-4.3.1.3.5"
>the section called <I
>Administration</I
></A
>. The module itself 
determines which JIDs are allowed access to which features 
(according to the configuration in the 
<TT
CLASS="LITERAL"
>&#60;admin/&#62;</TT
> block).</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_filter</TT
></DT
><DD
><P
>The services described in <A
HREF="x1740.htm#JABTDG-CH-4-SECT-4.3.1.3.1"
>the section called <I
>Filter Service</I
></A
>
are provided by this module.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_offline</TT
></DT
><DD
><P
>Being offline - which in this sense means not being connected to the Jabber
server and having an (online) <I
CLASS="EMPHASIS"
>session</I
> - doesn't prevent
a user receiving messages. They are merely stored offline and forwarded to 
him when he becomes available - when he logs on and starts a session. 
<TT
CLASS="FILENAME"
>mod_offline</TT
> provides these storage
and forwarding services. 

<A
NAME="JABTDG-CH-4-FOOTNOTE-12"
HREF="#FTN.JABTDG-CH-4-FOOTNOTE-12"
>[5]</A
>&#13;</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_presence</TT
></DT
><DD
><P
>The management of presence information - whether a user is online or offline,
what his presence settings currently are, who should be sent the information,
and so on - these facilities are provided by the
<TT
CLASS="FILENAME"
>mod_presence</TT
> module.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_auth_*</TT
></DT
><DD
><P
>Authentication must take place when a user connects to the Jabber server
and wishes to start a session. There are currently three types of 
authentication supported by the Jabber server - the differentiation is 
in how the password exchange and comparison is managed:
<P
></P
><UL
><LI
><DIV
CLASS="FORMALPARA"
><P
><B
>plaintext. </B
>User passwords are stored in plaintext on the server and are transmitted
from the client to the server in plaintext.

<A
NAME="JABTDG-CH-4-FOOTNOTE-13"
HREF="#FTN.JABTDG-CH-4-FOOTNOTE-13"
>[6]</A
>

A simple comparison is made at the server to validate. </P
></DIV
></LI
><LI
><DIV
CLASS="FORMALPARA"
><P
><B
>digest. </B
>User passwords are stored in plaintext on the server but no password is
transmitted from the client to the server; instead, an SHA-1 digest is 
created by the client from the concatenation of the client's session id
and the password and sent to the server, where the same digest operation 
is carried out and the results compared.</P
></DIV
></LI
><LI
><DIV
CLASS="FORMALPARA"
><P
><B
>zero knowledge. </B
>No user passwords are stored on the server, nor transmitted from the 
client to the server. A combination of hash sequencing on the client
side with a final hash and comparison on the server side allows credentials
to be checked in a secure way.</P
></DIV
></LI
></UL
>
There are three <TT
CLASS="FILENAME"
>mod_auth_*</TT
> modules - one for each
of these authentication types.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_log</TT
></DT
><DD
><P
><TT
CLASS="FILENAME"
>mod_log</TT
> simply records the ending of each user session.</P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_register</TT
></DT
><DD
><P
>The <TT
CLASS="FILENAME"
>mod_register</TT
> module provides the services to
register (create a new user) and unregister (remove a user) with the 
server. </P
></DD
><DT
><TT
CLASS="FILENAME"
>mod_xml</TT
></DT
><DD
><P
>St