[jadmin] Re: secure passwords and registration problems

Robert Flemming flemming at spiralout.net
Mon Feb 11 17:11:35 CST 2002


Okay since my last post garnered no replies I have a feeling I have a feeling
I was a bit verbose with the problem.  I've been fighting with this for an
extra week or so now and I talked a little with stpeter on jdev and I have a
bit more info as to what appears to be going on.

In short I cannot register, then sign on a new user when using anything but
plain text passwords.  The symptoms vary slightly depending on the client used
so I'll do my best to sum things up.  Like I said previously everything works
fine using plain text passwords.  I'd prefer to use digest or 0k so hence my
problem.

I haven't done anything special to my jabber.xml file other than comment out
the mod_auth_plain line from the jsm section.  Here is what happens when
trying to register then sign on using a variety of clients:

Linux
-----
psi (0.8.4) - username.xml file is created and only contains the plain text password
entry.  When trying to login the server returns an Unauthorized message.
Debug output on the server shows the client trying to use digest
authentication.

konverse (0.2) - username.xml file is created and only contains the plain text
password entry.  When trying to login the server returns an Unauthorized message.
Debug output on the server shows the client trying to use a plain text password.

Windows
-------
winjab (1.1.0.1) - username.xml file is created and only contains the plain
text password entry.   When trying to login the server returns an Unauthorized
message.  Debug output on the server shows the client trying to use a plain text
password.

JIM (1.10.0.6) - username.xml file is created and only contains the plain text password
entry. When trying to login the server returns an Unauthorized message.
Debug output on the server shows the client trying to use a plain text
password.  The client returns a message saying that the username is already in
use.

Things seem somewhat consistent between the various clients.  Of course once I
re-enable plain text everything works fine and at least with the windows
clients I will see both a plaintext and 0k hash in the username.xml file.
(Though no digest?)

I've seen the same behavior from 1.4.2 as well as the CVS version from last
week sometime.  I don't believe I'm doing anything out of the ordinary so if
nothing else can someone tell me if they have EVERY gotten jabber to work
using digest or 0k passwords and if so what version of the server and client
were you use?  I need to determine if I'm just an idiot or if there really is
bug of sorts because my head hurts from banging it against the wall :)

Any help is appreciated.  Take Care

Robert



More information about the JAdmin mailing list