[JDEV] authentication and logging mechanisms
Benoit Orihuela
borihuela at idealx.com
Tue Mar 27 04:37:59 CST 2001
hi,
I have two questions about authentication and logging mechanisms ...
* When you log into jabber, presence requests (of 'probe' type) are
sent to your buddies. In order to know if these buddies exist,
jabber sends an 'auth:get' request to the xdb module and forces it
to send the userPassword of the buddy to jabber. could not it be
possible to do that in another way ? for instance, to add a sort of
'auth:check' request which will just test the existence of the user
?
* I use 0k auth method but Jabber always starts by doing 'auth:get'
requests (instead of 'auth:0k:get' requests) to the xdb module when
I log into Jabber (and if auth:get request is successfull, it will
make the auth:0k:get request). so my userPassword is always
transmitted in clear text ... I tried to remove the auth namespace
(and just leave the auth:0k ns) but then Jabber thinks I do not
exist ...
thanks in advance for your answers,
Benoit.
--
Benoit Orihuela
IDEALX S.A.S.
More information about the JDev
mailing list