Chris Pile wrote:

>Hi,
>
>I modified the jabber code (mod_auth_plain.c) to encrypt (MD5) user
>passwords in the spool/user.xml files. This works great for plain text
>authentication (the client always sends the <password/>). BUT, this
>doesn't work when the client tries to auth using 0k or digest
>authentication. The server builds the hash from the stored password
>which is of course encrypted and so doesn't match the hash of the plain
>text password known by the client.
>
>I was wondering if there is a way around this. By introducing digest/0k
>auth, has this limited user passwords to be stored as plain text in
>user.xml files?
>

Zero-knowledge auth does not (by definition) require the server to know the password. Digest does, since the plaintext password becomes the shared secret used for authentication.

-David Waite

_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
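
The difference described in the reply above, as an added example that is not part of the original thread and is not jabberd's code. It assumes digest auth is hex SHA1 over the stream ID followed by the password, and models zero-knowledge auth as a simplified hash chain; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def sha1_hex(s: str) -> str:
    return hashlib.sha1(s.encode("utf-8")).hexdigest()

def client_digest(stream_id: str, password: str) -> str:
    # Digest auth: the client sends hex(SHA1(stream id + plaintext password)).
    return sha1_hex(stream_id + password)

def server_accepts_digest(stream_id: str, stored: str, received: str) -> bool:
    # The server can only recompute the digest from whatever is in its store.
    return hmac.compare_digest(sha1_hex(stream_id + stored), received)

def zerok_client_hash(password: str, token: str, rounds: int) -> str:
    # Simplified chain (assumption): SHA1(SHA1(password) + token), hashed `rounds` times.
    h = sha1_hex(sha1_hex(password) + token)
    for _ in range(rounds):
        h = sha1_hex(h)
    return h

class ZeroKRecord:
    """Server-side record: token, sequence counter and last chain value only."""
    def __init__(self, token: str, sequence: int, chain_hash: str):
        self.token, self.sequence, self.chain_hash = token, sequence, chain_hash

    def verify(self, received: str) -> bool:
        # One more SHA1 over the client's value must equal the stored value.
        if not hmac.compare_digest(sha1_hex(received), self.chain_hash):
            return False
        # Accept: remember the new chain value so the old one cannot be replayed.
        self.chain_hash, self.sequence = received, self.sequence - 1
        return True

def demo() -> dict:
    stream_id, password = "3C2A5F1B", "correct horse"  # constructed sample values
    sent = client_digest(stream_id, password)
    md5_stored = hashlib.md5(password.encode("utf-8")).hexdigest()
    rec = ZeroKRecord("tok123", 100, zerok_client_hash(password, "tok123", 100))
    return {
        "digest_plain_store": server_accepts_digest(stream_id, password, sent),
        "digest_md5_store": server_accepts_digest(stream_id, md5_stored, sent),
        "zerok_first": rec.verify(zerok_client_hash(password, rec.token, rec.sequence - 1)),
        "zerok_second": rec.verify(zerok_client_hash(password, rec.token, rec.sequence - 1)),
        "zerok_replay": rec.verify(zerok_client_hash(password, rec.token, rec.sequence)),
    }

if __name__ == "__main__":
    print(demo())
```

The digest check fails against the MD5-hashed store because the server no longer holds the shared secret, while the hash-chain record verifies two logins and rejects a replayed value without the server ever storing the password.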
