On Mon, Jun 02, 2008 at 11:12:32AM +0100, Darren J Moffat wrote: > Raymond Xiong wrote: > >Two more notes on user authentication: > > > >1) ejabberd also supports PAM authentication. So it is possible to > >use UNIX accounts for ejabberd user authentication(though I don't think > >this was recommended in its manual). For various reason, this feature > >won't be supported in my package. > > Actually that might be a much better idea because it opens up a lot of > scope for better authentication. > > Given that Solaris invented PAM I find it very strange to integrate > something that has PAM support available but to disable it. > > Running with PAM will, unfortunately, require that the daemon run with > all privileges during authentication.
XMPP supports SASL for user authentication. ejabberd ought to support that. ejabberd should get the ability to authenticate users via Unix credentials through libsasl, not through PAM directly. (Of course, IIRC, our libsasl doesn't provide a way to do this, but that wouldn't be ejabberd's fault!) Nico --
