[JDEV] user.xml password encryption
Chris Pile
cpile at snoogans.co.uk
Mon May 20 11:26:54 CDT 2002
Hi,
I modified the jabber code (mod_auth_plain.c) to encrypt (MD5) user
passwords in the spool/user.xml files. This works great for plain text
authentication (the client always sends the <password/>). BUT, this
doesn't work when the client tries to auth using 0k or digest
authentication. The server builds the hash from the stored password
which is of course encrypted and so doesn't match the hash of the plain
text password known by the client.
I was wondering if there is a way around this. By introducing digest/0k
auth, has this limited user passwords to be stored as plain text in
user.xml files?
Thanks,
Chris Pile.
More information about the JDev
mailing list