[ejabberd] Re: Ability to use any ldap account with no password
olegk at dp.ru
Fri Dec 3 09:46:13 MSK 2004
>> But why does ejabberd permit unauthorized access anyway? What will be
>> if bad guy decide to use JAJC without "Use plain text password"?
LJ> Plaintext passwords as opposed to legacy jabber shared-secret passwords.
LJ> None of these are 'unauthenticated'. Use of plaintext passwords wo tls
LJ> is not recommended but it's still not unauthenticated.
LJ> MVH leifj
Could you explain it a little bit more?
Why can the ejabberd use the verified password in one case and can not
do the same in another case?
More information about the ejabberd