[JDEV] Plain text passwords being stored in xdb file

John Reinke John.M.Reinke at mail.sprint.com
Fri Apr 5 09:49:58 CST 2002


On Fri, 2002-04-05 at 07:37, kavita at worldgatein.net wrote:
> While testing (prior to deployment), I noticed that passwords for
> various services for users were being stored in plain text in the
> user.xml xdb files.
> Is this a known bug, and has it been fixed in 1.4.2?
> 
> Plain text passwords should ideally not be easily available to the
> jabber server administrator even.

No, this is not a bug. If you wish to disable this, comment out the
mod_auth_plain and mod_auth_digest parts of the JSM settings in your
jabber.xml file. Be certain that all clients you are using can handle
Zero Knowledge authentication (mod_auth_0k). Most do...

John
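
The check below is an added example, not part of the original message or of the jabberd distribution: it reports which mod_auth_* modules are still active in a jabber.xml, so an administrator can confirm that the change described in the reply took effect. The `<load main="jsm">` layout, the `./jsm/jsm.so` paths, the sample configs and the function names are assumptions made for illustration.

```python
import xml.parsers.expat

# Modules the reply says to comment out; mod_auth_0k is the one it says to keep.
PLAINTEXT_BACKED = {"mod_auth_plain", "mod_auth_digest"}

def loaded_auth_modules(config_text):
    """Return the mod_auth_* elements active (not commented out) under <load main="jsm">."""
    found, in_jsm_load = [], [False]
    def start(name, attrs):
        if in_jsm_load[-1] and name.startswith("mod_auth_"):
            found.append(name)
        in_jsm_load.append(name == "load" and attrs.get("main") == "jsm")
    def end(name):
        in_jsm_load.pop()
    # Raw expat without namespace processing: prefixed element names are accepted
    # as-is, and XML comments are skipped because no comment handler is set.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(config_text, True)
    return found

def audit(config_text):
    mods = loaded_auth_modules(config_text)
    return {"plaintext_backed": sorted(PLAINTEXT_BACKED.intersection(mods)),
            "zero_knowledge": "mod_auth_0k" in mods}

# Constructed sample configs (assumed layout, not taken from the message).
BEFORE = """<jabber><service id="sessions"><load main="jsm">
  <jsm>./jsm/jsm.so</jsm>
  <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
  <mod_auth_digest>./jsm/jsm.so</mod_auth_digest>
  <mod_auth_0k>./jsm/jsm.so</mod_auth_0k>
</load></service></jabber>"""

AFTER = """<jabber><service id="sessions"><load main="jsm">
  <jsm>./jsm/jsm.so</jsm>
  <!-- <mod_auth_plain>./jsm/jsm.so</mod_auth_plain> -->
  <!-- <mod_auth_digest>./jsm/jsm.so</mod_auth_digest> -->
  <mod_auth_0k>./jsm/jsm.so</mod_auth_0k>
</load></service></jabber>"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text))
```

An empty `plaintext_backed` list together with `zero_knowledge: True` is the state the reply describes.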