On Fri, 12 Sep 2003, Ryan L. Hart wrote: > I've created a JECL xdb component using an existing Sybase > backend to replace the Jabber 1.4.2 xdb_file module. [...] > I think the authorization is really being handled by the > jabber:iq:auth:0k response instead?
No, 0k is a special authorization scheme. To make it short, just disable it in jabber.xml and forget it. It's a nice idea but has security issues. auth_plain and auth_digest both use the plain-text password entries from the user's data. > My assumption was that I would just need to modify some jsm > auth module to crypt the clear text password passed by the > client to see if it matches the crypted password returned by > my xdb component for jabber:iq:auth. Is this true? If so, > what module (mod_auth_plain, etc.)? mod_auth_plain, yes. In fact, there has been a mod_auth_crypt available (see http://mailman.jabber.org/pipermail/jdev/2001-August/007934.html) which implemented part of the functionality you seem to want but unfortunately its website seems to be gone. Regards _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
