[ejabberd] Extending digest-md5 mechanism

Pablo Platt pablo.platt at yahoo.com
Fri Aug 8 18:34:22 MSD 2008


Hello,

I'm writing a module that extends the digest-md5 authentication in ejabberd to support subsequent authentication.
Network problems can cause undesired disconnections, and users expect the client to reconnect automatically
without asking for a password again.
After the user is logged in it is not safe to save the password on the client side.

The digest specs define a subsequent authentication mechanism in which the client remembers the
values used in the initial authentication (not the password), increases the 'nonce-count' by 1 and uses it to
authenticate again.

For this to work I need ejabberd to remember the values from the initial authentication and allow
a subsequent authentication.
I'm going to modify cyrsasl_digest.erl to support it, but I have wondered if it's better to store the values in
an mnesia table or in memory?
Can I use the modified cyrsasl_digest module to handle storing and retrieving these values,
or is it better to add this functionality to ejabberd_auth_internal.erl?
Is there a temp table that holds session data I can hook to and store these values without changing the db schema?


From the specs (http://www.ietf.org/rfc/rfc2831.txt):

'If the client has previously authenticated to the server, and remembers the values of username, realm, nonce, nonce-count, cnonce,
and qop that it used in that authentication, and the SASL profile for a protocol permits an initial client response,
then it MAY perform "subsequent authentication", as defined in this section.'

'The client uses the values from the previous authentication and sends an initial response
with a string formatted and computed according to the rules for a "digest-response",
as defined above, but with a nonce-count one greater than used in the last "digest-response".'

Best,
Pablo
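
Added example (not part of the original post, and not ejabberd code): the server-side check for RFC 2831 subsequent authentication as described above, written in Python rather than Erlang so it can be run stand-alone. It covers qop=auth without an authzid; the `DigestSessions` class, its in-memory dict and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def ha1_hex(user, realm, password, nonce, cnonce):
    # HEX(H(A1)) from RFC 2831 section 2.1.2.1, no authzid; ASCII input assumed.
    inner = md5(f"{user}:{realm}:{password}".encode())
    return md5(inner + f":{nonce}:{cnonce}".encode()).hex()

def digest_response(ha1, nonce, nc, cnonce, qop, digest_uri):
    # response-value for qop=auth; nc is sent as 8 lowercase hex digits.
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:{qop}:{ha2}".encode()).hex()

class DigestSessions:
    """Hypothetical in-memory store, keyed by (user, realm, nonce)."""
    def __init__(self):
        self._state = {}

    def remember(self, user, realm, nonce, cnonce, qop, ha1, nc=1):
        # Called after a successful initial authentication (nc = 1).
        self._state[(user, realm, nonce)] = [cnonce, qop, ha1, nc]

    def verify_subsequent(self, user, realm, nonce, cnonce, qop, nc,
                          digest_uri, response):
        entry = self._state.get((user, realm, nonce))
        if entry is None or [cnonce, qop] != entry[:2]:
            return False          # unknown nonce or changed parameters
        if nc != entry[3] + 1:
            return False          # replayed or out-of-sequence nonce-count
        expected = digest_response(entry[2], nonce, nc, cnonce, qop, digest_uri)
        if not hmac.compare_digest(expected, response):
            return False
        entry[3] = nc             # advance the counter only on success
        return True

def demo():
    # Constructed sample values, not taken from the page.
    user, realm, uri = "alice", "example.org", "xmpp/example.org"
    nonce, cnonce, qop = "srv-nonce-1", "cli-nonce-1", "auth"
    ha1 = ha1_hex(user, realm, "correct horse", nonce, cnonce)
    sessions = DigestSessions()
    sessions.remember(user, realm, nonce, cnonce, qop, ha1)
    resp = digest_response(ha1, nonce, 2, cnonce, qop, uri)
    args = (user, realm, nonce, cnonce, qop, 2, uri, resp)
    return sessions.verify_subsequent(*args), sessions.verify_subsequent(*args)

if __name__ == "__main__":
    print(demo())  # first reconnect accepted, replay of the same response rejected
```

The stored `ha1` value is enough to compute a valid response for that nonce, so whichever side keeps it should protect and expire it like a credential.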


      