[ejabberd] Extending digest-md5 mechanism
pablo.platt at yahoo.com
Fri Aug 8 18:34:22 MSD 2008
I'm writing a module that extends the digest-md5 authentication in ejabberd to support subsequent authentication.
Network problems can cause undesired disconnections, and users expect the client to reconnect automatically
without asking for a password again.
After the user is logged in it is not safe to save the password on the client side.
The digest specs define a subsequent authentication mechanism in which the client remembers the
values used in the initial authentication (not the password), increases the 'nonce-count' by 1 and uses it to
For this to work I need ejabberd to remember the values from the initial authentication and allow
a subsequent authentication.
I'm going to modify cyrsasl_digest.erl to support it but I have wondered if it's better to store the values in
an mnesia table or in memory?
Can I use the modified cyrsasl_digest module to handle storing and retrieving these values
or is it better to add this functionality to ejabberd_auth_internal.erl?
Is there a temp table that holds session data I can hook to and store these values without changing the db schema?
From the specs (http://www.ietf.org/rfc/rfc2831.txt):
'If the client has previously authenticated to the server, and remembers the values of username, realm, nonce, nonce-count, cnonce,
and qop that it used in that authentication, and the SASL profile for a protocol permits an initial client response,
then it MAY perform "subsequent authentication", as defined in this section.'
' The client uses the values from the previous authentication and sends an initial response
with a string formatted and computed according to the rules for a "digest-response",
as defined above, but with a nonce-count one greater than used in the last "digest-response". '
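
The subsequent-authentication check quoted above, sketched as an added example that is not part of the original post and is not ejabberd code. It follows the RFC 2831 "digest-response" rules for qop=auth with no authzid and assumes charset=utf-8; the `SessionCache` class and its method names are hypothetical.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def session_key(username, realm, password, nonce, cnonce):
    """HEX(H(A1)): computed once at initial login, so the password need not be kept."""
    inner = _md5(f"{username}:{realm}:{password}".encode("utf-8"))
    return _md5(inner + f":{nonce}:{cnonce}".encode("utf-8")).hex()

def digest_response(ha1_hex, nonce, nc, cnonce, digest_uri, qop="auth"):
    """response-value for qop=auth; nonce-count goes on the wire as 8 hex digits."""
    ha2_hex = _md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hex()
    kd = f"{ha1_hex}:{nonce}:{nc:08x}:{cnonce}:{qop}:{ha2_hex}"
    return _md5(kd.encode("utf-8")).hex()

class SessionCache:
    """Hypothetical in-memory store of the values from the initial authentication."""

    def __init__(self):
        self._entries = {}

    def remember(self, username, realm, nonce, cnonce, ha1_hex, nc):
        self._entries[(username, realm, nonce)] = {
            "cnonce": cnonce, "ha1": ha1_hex, "nc": nc}

    def verify_subsequent(self, username, realm, nonce, cnonce, nc,
                          digest_uri, response):
        entry = self._entries.get((username, realm, nonce))
        if entry is None or cnonce != entry["cnonce"]:
            return False
        # Accept only a nonce-count one greater than the last one used;
        # a repeated or skipped count is treated as a replay and refused.
        if nc != entry["nc"] + 1:
            return False
        expected = digest_response(entry["ha1"], nonce, nc, cnonce, digest_uri)
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return False
        entry["nc"] = nc  # advance only after a successful check
        return True
```

The cached HEX(H(A1)) is sufficient to compute valid responses for that nonce/cnonce pair, so entries in such a store should be expired and protected like credentials.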