[ejabberd] check_password and ejabberd_auth_http

Stefan Strigler stefan.strigler at gmail.com
Wed Jul 13 16:17:15 MSK 2016


Hey,

I think all you have to do is not enabled SCRAM for passwords. Then
check_password with the password will be called. See here:

https://github.com/processone/ejabberd-contrib/blob/master/ejabberd_auth_http/src/ejabberd_auth_http.erl#L76


Greets, Stefan

On Wed, Jul 13, 2016 at 2:21 PM Florian Sailer <fs at sailer-interactive.com>
wrote:

> Hi,
>
> i'm currently evaluating ejabberd and try to setup auth with the module
> ejabberd_auth_http.
> I got the module working and whenever a user authenticates ejabberd is
> making the following get request to my http API:
>
>   /xmppauth/get_password?user=test&server=myserver.com&pass=
>
> This works fine when i return the clear text password through the API.
>
> However, instead of "get_password" i would rather like ejabberd to call
> "check_password", so that i can validate the password the user has
> entered within the API service. There are a lot of references to
> "check_password" in the docs and the code of ejabberd_auth_http but i
> can't figure out how to influence whether get_password or check_password
> are being used.
>
> Im using ejabberd 16.06 on Ubuntu 14.04.
>
> This is my auth setup:
>
> auth_method: http
> auth_opts:
>    host: "https://www.myserver.com"
>    path_prefix: "/xmppauth/"
>
>
> Any help would be very much appreciated.
>
> -- Florian
>
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20160713/cfe094ce/attachment.html>


More information about the ejabberd mailing list