karjala_lists at karjala.org
Mon Jul 3 14:57:21 UTC 2006
Am I right then to say that the function get_password is called whenever
Digest/Cram/SASL is used, and the function check_cleartext is called
whenever the "password is sent between the two computers"?
Either get_password is called or check_cleartext, but not both during a
What is TLS?
>> One of the things I don't understand is how allowing plaintext passwords
>> will make challenge/response type stuff happen.
> Going out on a limb here: DJabberd needs to do all the little
> transformation thingies on the unencrypted password in order to
> support SASL-auth methods like DIGEST-MD5. If all you store is a
> hashed version of the password, then the only thing DJ can do is
> compare a hashed version of the PLAIN version of the password sent by
> the client to the hashed version in the database.
> If, however, you enable retrieving a cleartext password from the
> database (whether by just storing the cleartext or by using a
> reversible form of encryption), DJabberd can use that to do
> challenge-response SASL-stuff (like DIGEST-MD5 and CRAM-MD5).
> (It's a little hard to explain, I hope I got my point across.)
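The distinction drawn in the quoted reply, as an added example that is not part of the original thread and is not DJabberd's code: a hash-only store can verify a PLAIN login, while CRAM-MD5 needs the password itself as the HMAC key. The function names echo the `get_password` and `check_cleartext` hooks discussed above, but the Python bodies, the PBKDF2 storage scheme and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: one user, stored two different ways (assumption).
CLEARTEXT_DB = {"alice": "s3cret-example"}  # retrievable password
SALT = b"constructed-salt"
HASHED_DB = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret-example", SALT, 100_000)}

def check_cleartext(user, sent_password):
    """PLAIN: the client sent the password itself, so a hash-only store is enough."""
    stored = HASHED_DB.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", sent_password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, stored)

def get_password(user):
    """Challenge-response: the server has to recover the password itself."""
    return CLEARTEXT_DB.get(user)

def cram_md5_response(password, challenge):
    """What a CRAM-MD5 client sends: hex HMAC-MD5 keyed with the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def verify_cram_md5(user, challenge, response):
    """Server side: recompute the response using the retrieved cleartext as key."""
    password = get_password(user)
    if password is None:
        return False
    return hmac.compare_digest(cram_md5_response(password, challenge), response)

def verify_cram_md5_hash_only(user, challenge, response):
    """With only the stored hash, the server keys the HMAC with the wrong secret."""
    stored = HASHED_DB.get(user)
    if stored is None:
        return False
    expected = hmac.new(stored, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)

def demo():
    # Fresh random challenge per login attempt; the host part is a placeholder.
    challenge = b"<" + os.urandom(8).hex().encode() + b"@example.invalid>"
    response = cram_md5_response("s3cret-example", challenge)
    return (check_cleartext("alice", "s3cret-example"),
            verify_cram_md5("alice", challenge, response),
            verify_cram_md5_hash_only("alice", challenge, response))
```

The password never crosses the wire in the CRAM-MD5 path, which is why the server cannot hash what it receives and compare it to a stored hash the way it does for PLAIN.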