[JDEV] jabber:iq:auth password?
maqi at jabberstudio.org
maqi at jabberstudio.org
Fri Sep 12 17:09:27 CDT 2003
On Fri, 12 Sep 2003, Ryan L. Hart wrote:
> I've created a JECL xdb component using an existing Sybase
> backend to replace the Jabber 1.4.2 xdb_file module.
[...]
> I think the authorization is really being handled by the
> jabber:iq:auth:0k response instead?
No, 0k is a special authorization scheme. To make it short, just disable
it in jabber.xml and forget it. It's a nice idea but has security issues.
auth_plain and auth_digest both use the plain-text password entries from
the user's data.
> My assumption was that I would just need to modify some jsm
> auth module to crypt the clear text password passed by the
> client to see if it matches the crypted password returned by
> my xdb component for jabber:iq:auth. Is this true? If so,
> what module (mod_auth_plain, etc.)?
mod_auth_plain, yes. In fact, there has been a mod_auth_crypt available
(see http://mailman.jabber.org/pipermail/jdev/2001-August/007934.html)
which implemented part of the functionality you seem to want but
unfortunately its website seems to be gone.
Regards
More information about the JDev
mailing list