[JDEV] mod_auth_crypt
Fabien Ninoles
fabien at Nightbird.Dynamic.TZoNE.ORG
Sun Aug 5 21:20:00 CDT 2001
I just finished an implementation of a mod_auth_crypt that saves the
password in a crypted form (using crypt) just like a standard (not md5)
password file. Currently, it works. But here are the drawbacks:

1- The password must be sent in clear text. Yep, since it's a one way
authorization, the client can't know the salt with which I encrypt the
password. So I need it in clear text, so this makes non-SSL connections
insecure (but a clear connection is already insecure).

2- digest no longer works if you remove the mod_auth_plain. Since the
client sends a digest password to the server, the server has to know the
clear text password.

The file is available at this URL:
http://www.tzone.org/~fabien/jabber/mod_auth_crypt.c

The file goes in jsm/modules of jabber2 cvs src and the following changes
are also required:
- Add the file to the right object list in jsm/Makefile and
jsm/modules/Makefile.
- Add a #define NS_AUTH_CRYPT "jabber:iq:auth:crypt" into the
jabberd/lib/lib.h.

Old accounts can be converted by adding a
<crypt xmlns="jabber:iq:auth:crypt" xdbns="jabber:iq:auth:crypt">CRYPTPASS</crypt>
where CRYPTPASS is the string obtained by passing a salt ("NC" is good for
and the clear text password to this command:

perl -e 'print crypt("password","NC"),"\n";'

(Sorry, I don't know enough Perl to make a complete conversion script
without too much time... I'm pretty sure a Perl expert will do it easily
however ;)

So, now, I will look to register and authenticate directly against the
/etc/passwd file of the server. Must be easier than LDAP ;)

Good bye,
Fabien,
very sorry for his bad English :-/
--
fabien at tzone.org http://www.tzone.org/~fabien
GPG KeyID: C15D FE9E BB35 F596 127F BF7D 8F1F DFC9 BCE0 9436
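
The two drawbacks listed in the message, as an added example that is not part of the original post or of mod_auth_crypt.c. Assumptions: all function names are hypothetical, PBKDF2 stands in for crypt(3) as the salted one-way function, and the digest is computed as in the jabber:iq:auth protocol (hex SHA-1 of the stream id followed by the password), which the message itself does not spell out.

```python
import hashlib
import hmac
import os

def store_password(password, salt=None):
    """Server-side record: salt plus a one-way hash of the password.
    PBKDF2 stands in for crypt(3) here (assumption, see lead-in)."""
    salt = salt or os.urandom(8)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + dk.hex()

def verify_plain(stored, candidate):
    """Drawback 1: only the server knows the salt, so the client must
    send the clear-text password for the server to re-hash and compare."""
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(store_password(candidate, salt), stored)

def client_digest(stream_id, password):
    """jabber:iq:auth digest: hex SHA-1 of stream id + password."""
    return hashlib.sha1((stream_id + password).encode()).hexdigest()

def verify_digest(stream_id, received, secret):
    """Server side of digest auth: recompute from whatever secret it holds."""
    return hmac.compare_digest(client_digest(stream_id, secret), received)

def demo():
    password, stream_id = "correct horse", "3B9AC9FF"  # constructed values
    stored = store_password(password)
    sent = client_digest(stream_id, password)  # what a digest client sends
    return {
        "plain_ok": verify_plain(stored, password),
        "plain_wrong": verify_plain(stored, "guess"),
        # Drawback 2: the digest only checks out against the clear text.
        "digest_with_cleartext": verify_digest(stream_id, sent, password),
        "digest_with_hash_only": verify_digest(stream_id, sent, stored),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```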