[JDEV] jabber:iq:auth password?
Ryan L. Hart
ryanhart at rcn.com
Fri Sep 12 11:53:58 CDT 2003
I've created a JECL xdb component using an existing Sybase
backend to replace the Jabber 1.4.2 xdb_file module.
Everything seems to be working fine, but now I need to move
it into production. While testing, I responded to all
jabber:iq:auth requests with password 'password' to make my
life easier. Now, I'm returning the actual passwords stored
in the database. These passwords are not clear text, but
crypted with a salt value. First off, oddly enough, it
appears that I can continue to use the password 'password'
successfully!? I think the authorization is really being
handled by the jabber:iq:auth:0k response instead?
My assumption was that I would just need to modify some jsm
auth module to crypt the clear text password passed by the
client to see if it matches the crypted password returned by
my xdb component for jabber:iq:auth. Is this true? If so,
what module (mod_auth_plain, etc.)? Do I really need the
jabber:iq:auth:0k if I use this approach?
Any help would be greatly appreciated.
Thanks, Ryan
More information about the JDev
mailing list