[ejabberd] external auth

Fabio Forno fabio.forno at gmail.com
Wed Apr 15 20:40:15 MSD 2009


On Wed, Apr 15, 2009 at 6:37 PM, Eric Cestari <eric at ohmforce.com> wrote:

> The problem is that the digest is built by hashing password and session id
> (the latter being of course one-time).
> Unless the password is stored in clear (and be able to rebuild the hash
> server-side), one can't re-hash the password with a different salt to auth
> against the stored password hash.
>
>
> So the only solution for a patch to work would be to have passwords stored
> in clear and in that case, the patch would be easy to write -- mnesia auth
> does that.

Yep, that's the general problem of digest auth, which is impossible
without storing the password, but it's better than plain passwords
when it's difficult to start TLS...

-- 
Fabio Forno, Ph.D.
Ooros srl
jabber id: ff at jabber.bluendo.com
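
The trade-off discussed in this thread, as an added example that is not part of either message and not ejabberd code. It assumes the legacy jabber:iq:auth digest form (hex SHA-1 over the stream id followed by the password); the class names are hypothetical and PBKDF2 stands in for whatever salted hash a backend stores.

```python
import hashlib
import hmac
import os

def digest(stream_id: str, password: str) -> str:
    """Client side: hex SHA-1 over the one-time stream id followed by the password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

class CleartextStore:
    """Keeps the password itself, so it can rebuild the digest for any stream id."""
    def __init__(self, password: str):
        self.password = password

    def check_digest(self, stream_id: str, received: str) -> bool:
        return hmac.compare_digest(digest(stream_id, self.password), received)

class SaltedHashStore:
    """Keeps only salt + PBKDF2(password); the password cannot be recovered."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = self._kdf(password)

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), self.salt, 50_000)

    def check_plain(self, password: str) -> bool:
        # Works: the client sent the password, so it can be re-hashed with our salt.
        return hmac.compare_digest(self._kdf(password), self.stored)

    def check_digest(self, stream_id: str, received: str) -> bool:
        # SHA1(stream_id + password) needs the password; salt and hash do not yield it.
        raise NotImplementedError("digest auth needs the cleartext password")

def run_example() -> dict:
    password = "constructed-sample-password"   # constructed sample value
    sid_a, sid_b = "3EE948B0", "7C1A02D9"       # constructed stream ids
    sent = digest(sid_a, password)              # what crosses the wire without TLS
    clear, hashed = CleartextStore(password), SaltedHashStore(password)
    try:
        hashed_digest = hashed.check_digest(sid_a, sent)
    except NotImplementedError:
        hashed_digest = None                    # backend cannot verify a digest
    return {
        "cleartext_digest_ok": clear.check_digest(sid_a, sent),
        "replay_on_new_stream": clear.check_digest(sid_b, sent),
        "hashed_plain_ok": hashed.check_plain(password),
        "hashed_digest": hashed_digest,
    }
```

The `replay_on_new_stream` result is the benefit Fabio refers to: a digest captured on one stream does not verify on another, whereas a plain password sent without TLS is reusable.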

