On Fri, 2002-04-05 at 07:37, [EMAIL PROTECTED] wrote: > While testing (prior to deployment), I noticed that passwords for > various services for users were > being stored in plain text in the user.xml xdb files. > Is this a known bug, and has it been fixed in 1.4.2? > > Plain text passwords should ideally not be easily available to the > jabber server administrator > even.
No, this is not a bug. If you wish to disable this, comment out the mod_auth_plain and mod_auth_digest parts of the JSM settings in your jabber.xml file. Be certain that all clients you are using can handle Zero Knowledge authentication (mod_auth_0k). Most do... John _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
