[ejabberd] password insecurity

H.-Chr. Schreiber christian.schreiber at imessage.de
Fri Jun 14 18:38:38 MSK 2013


Hej,

I've written a Python script to authenticate against IMAP. For an example
see the official ejabberd documentation [1].

That script reads from stdin in an endless loop. The input will be
split into an array:

> return sys.stdin.read(size).split(':')

If colons are allowed in your passwords (as in my case) you should do:
> return sys.stdin.read(size).split(':', 3)


Choose auth_method external in your ejabberd configuration e.g.:

--------------------- %< ----------------------
{auth_method, external}.
{extauth_instances, 4}.
{extauth_cache, 600}.
{extauth_program, 
"/opt/ejabberd-extauth-imap/ejabberd-extauth-imap.py"}.

--------------------- %< ----------------------

That works pretty well for me. AFAIK extauth_cache is the cause for
cleartext passwords in mnesia. So eventually you can avoid that by 
disabling cache.
I don't really know if this is possible, but probably not.

Regards,
Christian

[1] git.process-one.net/ejabberd/mainline/blobs/raw/2.1.x/doc/dev.html#htoc8
