manuzhai at gmail.com
Mon Jul 3 14:09:30 UTC 2006
> One of the things I don't understand is how allowing plaintext passwords
> will make challenge/response type stuff happen.
Going out on a limb here: DJabberd needs to do all the little
transformation thingies on the unencrypted password in order to
support SASL-auth methods like DIGEST-MD5. If all you store is a
hashed version of the password, then the only thing DJ can do is
compare a hashed version of the PLAIN version of the password sent by
the client to the hashed version in the database.
If, however, you enable retrieving a cleartext password from the
database (whether by just storing the cleartext or by using a
reversible form of encryption), DJabberd can use that to do
challenge-response SASL-stuff (like DIGEST-MD5 and CRAM-MD5).
(It's a little hard to explain, I hope I got my point across.)
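To make the constraint above concrete, here is an added Python sketch (not DJabberd's code; the user name, password and salt are constructed): the client side of CRAM-MD5 keys an HMAC with the cleartext password, so a server holding the cleartext can recompute it, while a server holding only a one-way hash cannot and is limited to checking a PLAIN login.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential for the demonstration (not from the post).
USERNAME = "alice"
PASSWORD = "correct horse"


def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 keyed with the cleartext password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def verify_cram_md5(server_secret: str, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC with whatever the server has stored and compare."""
    _username, _, digest = response.partition(" ")
    expected = hmac.new(server_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def hash_for_storage(password: str, salt: bytes) -> bytes:
    """One-way salted hash: the only thing a hash-only store can compare against."""
    return hashlib.sha256(salt + password.encode()).digest()


def verify_plain(stored_salt: bytes, stored_hash: bytes, presented_password: str) -> bool:
    """Server side of SASL PLAIN against a hash-only store: hash what the client sent, compare."""
    return hmac.compare_digest(hash_for_storage(presented_password, stored_salt), stored_hash)


def demo() -> tuple[bool, bool, bool]:
    challenge = secrets.token_bytes(16)  # server-generated nonce sent to the client
    response = cram_md5_response(USERNAME, PASSWORD, challenge)
    # Cleartext (or reversibly encrypted) store: the server can recompute the HMAC.
    cleartext_ok = verify_cram_md5(PASSWORD, challenge, response)
    # Hash-only store: the server can only key the HMAC with the hash, which the
    # client never used, so challenge-response verification is impossible here.
    salt = secrets.token_bytes(8)
    stored_hash = hash_for_storage(PASSWORD, salt)
    hash_only_attempt = verify_cram_md5(stored_hash.hex(), challenge, response)
    # The hash-only store can still check a PLAIN login, as the post describes.
    plain_ok = verify_plain(salt, stored_hash, PASSWORD)
    return cleartext_ok, hash_only_attempt, plain_ok


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```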