[ejabberd] Re: Ability to use any ldap account with no password

Oleg Kivel olegk at dp.ru
Fri Dec 3 09:46:13 MSK 2004


>> But why does ejabberd permit unauthorized access anyway? What will happen
>> if a bad guy decides to use JAJC without "Use plain text password"?

LJ> Plaintext passwords as opposed to legacy jabber shared-secret passwords.
LJ> None of these are 'unauthenticated'. Use of plaintext passwords wo tls
LJ> is not recommended but it's still not unauthenticated.

LJ>         MVH leifj

Could you explain it a little bit more?

Why can ejabberd use the verified password in one case and cannot
do the same in another case?


Kivel Oleg.


