[ejabberd] external auth
eric at ohmforce.com
Wed Apr 15 20:37:08 MSD 2009
On 15 Apr 09, at 11:47, Fabio Forno wrote:
> two rapid questions about ext auth:
> - I've seen there is just plain password implemented, is there any
> hidden reason for this? The patch for digest auth seems quite
> trivial, I can provide it quickly, but perhaps there is something I'm
The problem is that the digest is built by hashing the password and the
session id (the latter being, of course, one-time).
Unless the password is stored in clear (so that the hash can be rebuilt
server-side), one can't re-hash the password with a different
salt to auth against the stored password hash.
So the only solution for a patch to work would be to have passwords
stored in clear and in that case, the patch would be easy to write --
mnesia auth does that.
> - in the port protocol params are all concatenated in one string using ":"
> as separator, but I think ":" is allowed in passwords and I don't see
> any escaping.
> Fabio Forno, Ph.D.
> Bluendo srl http://www.bluendo.com
> jabber id: ff at jabber.bluendo.com
> ejabberd mailing list
> ejabberd at jabber.ru
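
The two points raised in this thread, as an added example that is not part of the original messages or of ejabberd's code: a digest built from the one-time session id can only be checked when the server holds the clear password, and a ":"-separated request stays parseable with a ":" in the password only if the password is treated as the last field. The digest form (hex SHA-1 over stream id + password, as in XEP-0078), the 2-byte length framing, the `auth:user:server:password` field order and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

def xep0078_digest(stream_id, secret):
    """Hex SHA-1 over stream id + secret (digest form assumed from XEP-0078)."""
    return hashlib.sha1((stream_id + secret).encode("utf-8")).hexdigest()

def verify_digest(stored_secret, stream_id, client_digest):
    """Server-side check: recompute the digest from whatever is stored."""
    expected = xep0078_digest(stream_id, stored_secret)
    return hmac.compare_digest(expected, client_digest)

def frame(payload):
    """Assumed extauth framing: 2-byte big-endian length, then the payload."""
    data = payload.encode("utf-8")
    return struct.pack(">H", len(data)) + data

def parse_auth(packet):
    """Parse 'auth:user:server:password', keeping ':' inside the password."""
    (length,) = struct.unpack(">H", packet[:2])
    body = packet[2:2 + length].decode("utf-8")
    # The password is the last field, so cap the number of splits at 3;
    # a plain split(":") would cut the password at its first colon.
    op, user, server, password = body.split(":", 3)
    if op != "auth":
        raise ValueError("unexpected operation: " + op)
    return user, server, password

def demo():
    password = "s3cr:et"      # constructed sample password containing ':'
    stream_id = "3EE948B0"    # constructed one-time session id
    request = "auth:alice:example.org:" + password  # constructed request
    client_digest = xep0078_digest(stream_id, password)
    # A store that keeps only a hash of the password (constructed case).
    stored_hash = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return {
        "plaintext_store": verify_digest(password, stream_id, client_digest),
        "hashed_store": verify_digest(stored_hash, stream_id, client_digest),
        "parsed": parse_auth(frame(request)),
        "naive_fields": len(request.split(":")),
    }

if __name__ == "__main__":
    print(demo())
```

Capping the split works only because the password comes last; a ":" in an earlier field would still be ambiguous without escaping or per-field length prefixes.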