[ejabberd] external auth

Jorge Guntanis jorge.guntanis at telcentris.com
Wed Apr 15 20:03:53 MSD 2009



On Apr 15, 2009, at 6:01 AM, Jesse Thompson wrote:

> Fabio Forno wrote:
>> hi,
>> two rapid questions about ext auth:
>> - I've seen there is just plain password implemented, is there any
>> hidden reason for this? The patch for digest auth seems  quite
>> trivial, I can provide it quickly, but perhaps there is something I'm
>> missing...
>
> My understanding is that the provided script is just a sample.  Most  
> sites that need to use an external auth script need to do something  
> custom to their environment.  Those that need a specific feature,  
> such as digest auth, will just add it themselves.
>
> While it wouldn't hurt to throw more features into the script to  
> scratch your own itch, it wouldn't necessarily scratch anyone elses  
> itch.  The risk is that it adds to the complexity of the script,  
> which may make it more daunting to people that want to modify it in  
> a different way.
>

Right, I think by using external authentication, you are leveraging  
the whole authentication process to a higher layer on your  
implementation, ie. your perl/sh/logo script. Personally, I think that  
should stay that way, or branch into a more complex module as a  
contribution.

>> - in the port protocol params all concatenated in one string using  
>> ":"
>> as separator, but I think ":" is allowed in passwords and I don't see
>> any escaping.
>
> The password is the last argument, so you can just do something like  
> this:
>
>    my ($op,$user,$domain, at buffer_remainder) = split /:/,$buf;
>    my $password = join ':', @buffer_remainder;
>

Again part of above' problem, the module assumes you will take care of  
this at a higher layer, and not allow that character from starters.  
This is a good catch though, may be the module can separate the string  
by using a character that can not be input directly from a keyboard. I  
will work on a patch for this and submit it.

> (TMOWTDI)
>
> Jesse
>
> -- 
>  Jesse Thompson
>  Division of Information Technology, University of Wisconsin-Madison
>  Email/IM: jesse.thompson at doit.wisc.edu
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd

Best,
Jorge G.


More information about the ejabberd mailing list