[jdev] MD5 auth problem
Norman Rasmussen
norman at rasmussen.co.za
Thu May 25 04:43:53 CDT 2006
On 5/25/06, Ulrich Staudinger <us at activestocks.de> wrote:
> has someone a good solution how to reuse an existing community site with
> md5'd passwords with a jabber server?
reading http://www.ietf.org/rfc/rfc2831.txt section 3.9:
if you change the existing password storage from
md5({ passwd })
to store
md5({ username-value, ":", realm-value, ":", passwd })
then you can use that value during digest-md5 sasl auth.
This does mean some migration for user's passwords (they'll all have
to enter their current password to start using the jabber services -
backend could check old md5(pwd) hash, and compute and store new
md5(name:realm:pwd) hash)
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the JDev
mailing list