[JDEV] user.xml password encryption
admin at jabber.fsinf.de
admin at jabber.fsinf.de
Mon May 20 12:11:22 CDT 2002
On Mon, 20 May 2002, Chris Pile wrote:
> I modified the jabber code (mod_auth_plain.c) to encrypt (MD5) user
> passwords in the spool/user.xml files.
I'd suggest using SHA1 instead of MD5 for it is considered more secure and
used by Jabber clients anyway.
> I was wondering if there is a way around this. By introducing digest/0k
> auth, has this limited user passwords to be stored as plain text in
> user.xml files?
Digest auth needs clear text passwords on the server, 0k does not.
See
http://mailman.jabber.org/pipermail/jadmin/2002-May/005066.html
for a longer description.
BTW is it possible to disable clear text and digest auth and force 0k auth
only?- Is it possible to create accounts any more then?
Regards
More information about the JDev
mailing list