Is this a question about Ejabberd or generally? Generally nobody should be using Digest authentication and thus necessitating plaintext storage of passwords. Ever.
You might want to run your server through XMPP.net to see which mechanisms it's offering. For example: https://xmpp.net/result.php?domain=jabber.de&type=client S. On 20 April 2014 17:53, Mathias Ertl <[email protected]> wrote: > Hi, > > Ejabberd has supported storing passwords as SCRAM hashes for some time > now, Prosody supports this as well[1]. > > When switching to SCRAM-hashes, servers will start offering only SASL > SCRAM-SHA1 and SASL Plain. Old authentication schemes are no longer > supported because hashes are of course incompatible. Furthermore, you > cannot switch back because hashes cannot be converted back to plain > passwords (which is the whole point). > > Has anyone made the switch? Is there a significant percentage of clients > out there that don't support at least either Plain or SCRAM-SHA1? Or is > at least Plain widely supported in all clients? > > I my own tests I have found that at least my mcabber version segfaults > on a testserver[2] that has SCRAM enabled. > > greetings, Mati > > [1] http://prosody.im/doc/plain_or_hashed > [2] Test installation for SCRAM at er.tl, feel free to try it out. > > -- > twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected] > I only read plain-text mail! I prefer signed/encrypted mail! > > > > -- > twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected] > I only read plain-text mail! I prefer signed/encrypted mail! > > -- Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours: goo.gl/tQgxP
