[ejabberd] external auth

Fabio Forno fabio.forno at gmail.com
Wed Apr 15 20:40:15 MSD 2009

On Wed, Apr 15, 2009 at 6:37 PM, Eric Cestari <eric at ohmforce.com> wrote:

> The problem is that the digest is built by hashing password and session id
> (the latter being of course onetime).
> Unless the password is stored in clear (and be able to rebuild the hash
> server-side), one can't re-hash the password with a different salt to auth
> against the stored password hash.
> So the only solution for a patch to work would be to have passwords stored
> in clear and in that case, the patch would be easy to write -- mnesia auth
> does that.

Yep, that's the general problem of digest auth which is impossible
without storing the password, but it's better than plain passwords
when it's difficult to start tls...

Fabio Forno, Ph.D.
Ooros srl
jabber id: ff at jabber.bluendo.com

More information about the ejabberd mailing list