[JDEV] Re: password encription

Peter Saint-Andre stpeter at jabber.org
Sat May 12 17:29:31 CDT 2001 

Where are you seeing the password in a non-encrypted state? In the 
user's xml file within the spool directory, or in the XML stream that 
gets passed between the user and the server?

The URL I gave you (http://mailman.jabber.org/listinfo/jadmin) is to 
sign up for the JADMIN list -- the archives of that list contain a 
discussion of the question you have raised, but I'm not sure of the 
exact dates of that discussion.

Peter

Dillip Kumar Swain wrote:

> Hi Peter
> 
> I am going thru your both conditions  for Encrypted passwd..
> but still I am getting passwd visible in a plain text once/twice.
> and it shows passwd of friendliests user's also..
>  From http://mailman.jabber.org/listinfo/jadmin/ ..I didn't get any valuable
> solution  to handle it..
> 
> So, Please advice me, How will I manage fully encrypted passwd..?
> 
> Thanx & regards
> Dillip
> 
> 
>>Message: 2
>>Date: Fri, 11 May 2001 10:03:47 -0600
>>From: Peter Saint-Andre <stpeter at jabber.org>
>>Organization: http://www.jabber.org/
>>To: jdev at jabber.org
>>Subject: Re: [JDEV] password encription
>>Reply-To: jdev at jabber.org
>>
>>I'm sure there has been discussion of this on the JADMIN list (visit
>>http://mailman.jabber.org/listinfo/jadmin/ to sign up), which is
>>dedicated to issues of this kind (as opposed to the JDEV list, which is
>>for software development questions). However, it's good to know that the
>>order of modules in the <load main="jsm"> section of jabber.xml is
>>important, since it determines the order in which various modules are
>>called. So in order to make sure that plaintext passwords are not an
>>option, you could simply comment out the following line in the <load
>>main="jsm"> section:
>>
>><mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
>>
>>Alternatively, you could change the order of modules so that
>>mod_auth_plain comes after <mod_auth_digest> and/or <mod_auth_0k/>, in
>>which case plaintext passwords would still be possible (you might want
>>to do this in order to support telnet access, server test scripts, or
>>whatever).
>>
>>Peter
>>
>>--
>>Peter Saint-Andre
>>stpeter at jabber.org
>>
>>Dillip Kumar Swain wrote:
>>
>>
>>>/Hi Guys.../
>>>
>>>/I am using Jabber Server-1.4.1/
>>>
>>>/can you please advice me how will I encrypted passwd rather than plain
>>>text./
>>>
>>>/Thanx in advance/
>>>
>>>
>>>
>>>/regards/
>>>
>>>/dillip/
>>>
>>>
>>
>>
>>
>>--__--__--
>>
>>Message: 3
>>From: Max Metral <Max.Metral at PeoplepcHQ.com>
>>To: "'jdev at jabber.org'" <jdev at jabber.org>
>>Subject: RE: [JDEV] Server feature request
>>Date:  Fri, 11 May 2001 09:24:06 -0700
>>Reply-To: jdev at jabber.org
>>
>>This might make it a bit annoying to write automated scripts...  Unless we
>>have some way of finding out what state the server is in?
>>
>>-----Original Message-----
>>From: dizzyd at dizzyd.com [mailto:dizzyd at dizzyd.com]
>>Sent: Friday, May 11, 2001 9:05 AM
>>To: jdev at jabber.org
>>Subject: Re: [JDEV] Server feature request
>>
>>
>>
>>In the next iteration of server development, MIO will be modified such
>>that it will not will use SIGUSR2 for this. Having debugging turned on
>>via SIGUSR2 is intriguing and we'll look into that for the next
>>iteration. Probably, it would simply be used as a boolean -- if
>>debugging is off SIGUSR2 would turn it on and vice-versa. This way we
>>don't need to have so many signals just to turn debugging on and off.
>>
>>Diz
>>
>>
>>On Thu, May 10, 2001 at 10:53:25PM -0500, temas wrote:
>>
>>>SIGUSR2 is used by mio as a mechanism to break the loop so new sockets
>>>can be added and stuff like that.
>>>
>>>--temas
>>>
>>>On 10 May 2001 18:18:23 -0600, David Waite wrote:
>>>
>>>>kadokev at msg.net wrote:
>>>>
>>>>
>>>>>>Those are the definitions of those signals in BIND though. They
>>>>>>
> have
> 
>>>>>>different (already used) meaning within Jabber - they are used by
>>>>>>
>>pth
>>
>>>>>>(and I believe MIO). They are simply user-defined signals.
>>>>>>
>>>>>Right, exactly.
>>>>>
>>>>>So we pick two new signals to serve this purpose in Jabber, the
>>>>>
>>concept is
>>
>>>>>still the same. So we use SIGINFO to turn on debugging, and SIGWINCH
>>>>>
>>to turn
>>
>>>>>it off, or any two other signals that are not already taken.
>>>>>
>>>>>It would also be useful to have the ability to turn debugging on and
>>>>>
>>off by
>>
>>>>>sending an admin message, but the signal method is more important,
>>>>>
> as
> 
>>it would
>>
>>>>>be very useful to debugging cases where I cannot connect/login at
>>>>>
> all,
> 
>>and thuse
>>
>>>>>cannot send any messages...
>>>>>
>>>>I'd welcome "any two other signals which are not already taken." The
>>>>
>>system or parent
>>
>>>>process sends those signals. I do not believe SIGINFO is defined on
>>>>
>>i386, its also
>>
>>>>mapped to SIGPWR which is an exit on some other platforms, SIGWINCH is
>>>>
>>sent whenever
>>
>>>>the terminal size changes - it sure wouldn't help me debug if the
>>>>
>>program behavior
>>
>>>>changed when I resized the terminal I was getting output in :-).
>>>>
>>>>If those signals weren't used internally, I agree it would be a really
>>>>
>>nice feature
>>
>>>>to add (you actually only need one signal as a toggle, really). What
>>>>
> is
> 
>>SIGUSR2
>>
>>>>really used for?
>>>>
>>>>
>>>>>Kevin
>>>>>
>>>>>
>>>>>>-David Waite
>>>>>>kadokev at msg.net wrote:
>>>>>>
>>>>>>>Server feature request, the ability to turn debugging on/off by
>>>>>>>
>>sending a
>>
>>>>>>>Unix signal to the jabberd process, something like this:
>>>>>>>
>>>>>>>    SIGUSR1   Turns on debugging; each SIGUSR1 increments debug
>>>>>>>
>>level.
>>
>>>>>>>              (SIGEMTon older systems without SIGUSR1.)
>>>>>>>
>>>>>>>    SIGUSR2   Turns off debugging completely.   (SIGFPEon older
>>>>>>>
>>systems
>>
>>>>>>>              without SIGUSR2.)
>>>>>>>
>>>>>>>The astute observer will notice that the two paragraphs above are
>>>>>>>
>>verbatim from
>>
>>>>>>>the documentation for BIND :-)
>>>>>>>
>>>>>...
>>>>>
>>>>>>>>Yes!! It's been a long time I was thinking about it!
>>>>>>>>In certain cases it is just necessary...
>>>>>>>>
>>>>>>>>/MAciek
>>>>>>>>
>>>>>>>>On Thu, 10 May 2001 11:45:35 -0600 Malone, Pat wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>>In trying to work through a nasty client problem today, I had
>>>>>>>>>
> 'if
> 
>>only'
>>
>>>>>>>>>thought pass through my head.  So, here is a wish item for the
>>>>>>>>>
>>jabberd
>>
>>>>>>>>>developer gods:
>>>>>>>>>
>>>>>>>>>Enable the ability to send a sig of some kind to jabberd to
>>>>>>>>>
>>toggle
>>
>>>>>>>>>debugging on and off, a.k.a. the way debug can be toggled with
>>>>>>>>>
>>named.
>>
>>>>>>>>>It sure would be nice to toggle debug on when a problem shows
>>>>>>>>>
> up
> 
>>without
>>
>>>>>>>>>having to kill the server.
>>>>>>>>>
>>>>>_______________________________________________
>>>>>jdev mailing list
>>>>>jdev at jabber.org
>>>>>http://mailman.jabber.org/listinfo/jdev
>>>>>
>>>>_______________________________________________
>>>>jdev mailing list
>>>>jdev at jabber.org
>>>>http://mailman.jabber.org/listinfo/jdev
>>>>
>>>_______________________________________________
>>>jdev mailing list
>>>jdev at jabber.org
>>>http://mailman.jabber.org/listinfo/jdev
>>>
>>_______________________________________________
>>jdev mailing list
>>jdev at jabber.org
>>http://mailman.jabber.org/listinfo/jdev
>>
>>
>>--__--__--
>>
>>_______________________________________________
>>jdev mailing list
>>jdev at jabber.org
>>http://mailman.jabber.org/listinfo/jdev
>>
>>
>>End of jdev Digest
>>
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
> 
> .
> 
>

More information about the JDev mailing list