[JDEV] Re: password encription

zad zadk at mynet.com
Mon May 14 00:53:15 CDT 2001


It might be easier to help if we could see jabber.xml and server logs.

zad

> -----Original Message-----
> From: jdev-admin at jabber.org [mailto:jdev-admin at jabber.org]On
> Behalf Of Dillip Kumar Swain
> Sent: Saturday, May 12, 2001 10:53 AM
> To: jdev at jabber.org
> Cc: jdev-admin at jabber.org
> Subject: [JDEV] Re: password encription
>
>
> Hi Peter
>
> I am going thru your both conditions  for Encrypted passwd..
> but still I am getting passwd visible in a plain text once/twice.
> and it shows passwd of friendliests user's also..
>  From http://mailman.jabber.org/listinfo/jadmin/ ..I didn't get
> any valuable
> solution  to handle it..
>
> So, Please advice me, How will I manage fully encrypted passwd..?
>
> Thanx & regards
> Dillip
>
> > Message: 2
> > Date: Fri, 11 May 2001 10:03:47 -0600
> > From: Peter Saint-Andre <stpeter at jabber.org>
> > Organization: http://www.jabber.org/
> > To: jdev at jabber.org
> > Subject: Re: [JDEV] password encription
> > Reply-To: jdev at jabber.org
> >
> > I'm sure there has been discussion of this on the JADMIN list (visit
> > http://mailman.jabber.org/listinfo/jadmin/ to sign up), which is
> > dedicated to issues of this kind (as opposed to the JDEV list, which is
> > for software development questions). However, it's good to know that the
> > order of modules in the <load main="jsm"> section of jabber.xml is
> > important, since it determines the order in which various modules are
> > called. So in order to make sure that plaintext passwords are not an
> > option, you could simply comment out the following line in the <load
> > main="jsm"> section:
> >
> > <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
> >
> > Alternatively, you could change the order of modules so that
> > mod_auth_plain comes after <mod_auth_digest> and/or <mod_auth_0k/>, in
> > which case plaintext passwords would still be possible (you might want
> > to do this in order to support telnet access, server test scripts, or
> > whatever).
> >
> > Peter
> >
> > --
> > Peter Saint-Andre
> > stpeter at jabber.org
> >
> > Dillip Kumar Swain wrote:
> >
> > > /Hi Guys.../
> > >
> > > /I am using Jabber Server-1.4.1/
> > >
> > > /can you please advice me how will I encrypted passwd rather
> than plain
> > > text./
> > >
> > > /Thanx in advance/
> > >
> > >
> > >
> > > /regards/
> > >
> > > /dillip/
> > >
> >
> >
> >
> >
> > --__--__--
> >
> > Message: 3
> > From: Max Metral <Max.Metral at PeoplepcHQ.com>
> > To: "'jdev at jabber.org'" <jdev at jabber.org>
> > Subject: RE: [JDEV] Server feature request
> > Date:  Fri, 11 May 2001 09:24:06 -0700
> > Reply-To: jdev at jabber.org
> >
> > This might make it a bit annoying to write automated scripts...
>  Unless we
> > have some way of finding out what state the server is in?
> >
> > -----Original Message-----
> > From: dizzyd at dizzyd.com [mailto:dizzyd at dizzyd.com]
> > Sent: Friday, May 11, 2001 9:05 AM
> > To: jdev at jabber.org
> > Subject: Re: [JDEV] Server feature request
> >
> >
> >
> > In the next iteration of server development, MIO will be modified such
> > that it will not will use SIGUSR2 for this. Having debugging turned on
> > via SIGUSR2 is intriguing and we'll look into that for the next
> > iteration. Probably, it would simply be used as a boolean -- if
> > debugging is off SIGUSR2 would turn it on and vice-versa. This way we
> > don't need to have so many signals just to turn debugging on and off.
> >
> > Diz
> >
> >
> > On Thu, May 10, 2001 at 10:53:25PM -0500, temas wrote:
> > > SIGUSR2 is used by mio as a mechanism to break the loop so new sockets
> > > can be added and stuff like that.
> > >
> > > --temas
> > >
> > > On 10 May 2001 18:18:23 -0600, David Waite wrote:
> > > > kadokev at msg.net wrote:
> > > >
> > > > > > Those are the definitions of those signals in BIND though. They
> have
> > > > > > different (already used) meaning within Jabber - they
> are used by
> > pth
> > > > > > (and I believe MIO). They are simply user-defined signals.
> > > > >
> > > > > Right, exactly.
> > > > >
> > > > > So we pick two new signals to serve this purpose in Jabber, the
> > concept is
> > > > > still the same. So we use SIGINFO to turn on debugging,
> and SIGWINCH
> > to turn
> > > > > it off, or any two other signals that are not already taken.
> > > > >
> > > > > It would also be useful to have the ability to turn
> debugging on and
> > off by
> > > > > sending an admin message, but the signal method is more important,
> as
> > it would
> > > > > be very useful to debugging cases where I cannot connect/login at
> all,
> > and thuse
> > > > > cannot send any messages...
> > > >
> > > > I'd welcome "any two other signals which are not already taken." The
> > system or parent
> > > > process sends those signals. I do not believe SIGINFO is defined on
> > i386, its also
> > > > mapped to SIGPWR which is an exit on some other platforms,
> SIGWINCH is
> > sent whenever
> > > > the terminal size changes - it sure wouldn't help me debug if the
> > program behavior
> > > > changed when I resized the terminal I was getting output in :-).
> > > >
> > > > If those signals weren't used internally, I agree it would
> be a really
> > nice feature
> > > > to add (you actually only need one signal as a toggle, really). What
> is
> > SIGUSR2
> > > > really used for?
> > > >
> > > > > Kevin
> > > > >
> > > > > > -David Waite
> > > > > > kadokev at msg.net wrote:
> > > > > > >Server feature request, the ability to turn debugging on/off by
> > sending a
> > > > > > >Unix signal to the jabberd process, something like this:
> > > > > > >
> > > > > > >     SIGUSR1   Turns on debugging; each SIGUSR1
> increments debug
> > level.
> > > > > > >               (SIGEMTon older systems without SIGUSR1.)
> > > > > > >
> > > > > > >     SIGUSR2   Turns off debugging completely.
> (SIGFPEon older
> > systems
> > > > > > >               without SIGUSR2.)
> > > > > > >
> > > > > > >The astute observer will notice that the two
> paragraphs above are
> > verbatim from
> > > > > > >the documentation for BIND :-)
> > > > > ...
> > > > > > >>Yes!! It's been a long time I was thinking about it!
> > > > > > >>In certain cases it is just necessary...
> > > > > > >>
> > > > > > >>/MAciek
> > > > > > >>
> > > > > > >>On Thu, 10 May 2001 11:45:35 -0600 Malone, Pat wrote:
> > > > > > >>
> > > > > > >>>In trying to work through a nasty client problem today, I had
> 'if
> > only'
> > > > > > >>>thought pass through my head.  So, here is a wish
> item for the
> > jabberd
> > > > > > >>>developer gods:
> > > > > > >>>
> > > > > > >>> Enable the ability to send a sig of some kind to jabberd to
> > toggle
> > > > > > >>>debugging on and off, a.k.a. the way debug can be
> toggled with
> > named.
> > > > > > >>>
> > > > > > >>>It sure would be nice to toggle debug on when a problem shows
> up
> > without
> > > > > > >>>having to kill the server.
> > > > > _______________________________________________
> > > > > jdev mailing list
> > > > > jdev at jabber.org
> > > > > http://mailman.jabber.org/listinfo/jdev
> > > >
> > > > _______________________________________________
> > > > jdev mailing list
> > > > jdev at jabber.org
> > > > http://mailman.jabber.org/listinfo/jdev
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
> >
> > --__--__--
> >
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> >
> >
> > End of jdev Digest
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>




More information about the JDev mailing list