[jadmin] Re: Problems with PGSQL auth

Stephen Marquard scm at marquard.net
Thu Aug 25 14:48:34 CDT 2005


Wilfredo I. Pachon Lopez wrote:
>>What auth mechanisms are you trying to use? If you describe what you'd like to
>>happen and how you're trying to do it, perhaps someone can help.
>>
> 
> What i need is to authenticate my jabber user againts a DB that support my
> IMAP/SMTP mail.
> 
> This is the part in my c2s.xml with the auth mech:
> 
>  <traditional>
>          <plain/>
>         <digest/>
>         <zerok/>
>       </traditional>
> 
> What is the best to my case?
> 
> 
>>Have you defined custom SQL queries in c2s.xml ?
> 
> 
> Yes, i'm using the following custom SQL query to retrieve the user info:
> 
> <sql>
> <select>SELECT CRYPT(account_pwd) AS password, 0 AS hash, 0 AS token, 0 AS
> sequence FROM phpgw_accounts WHERE account_lid = '%s' AND dominio =
> '%s'</select>
> </sql>
> 
> Update, Delete i don't need because the password change and creating/deleting
> users is made by other application.
> 
> CRYPT is pl/perl function that encrypt the password using a custom "salt".
> 

c2s expects to get the password in plain text (so it can use auth mechanisms 
like digest). I'm not sure if account_pwd is plaintext or not in your database. 
If it it, then don't CRYPT() it. If it isn't, then you're crypting it twice.

If it's a reversible crypt function, then you can decrypt it for jabber. If it's 
a one-way hash algorithm, then what you probably want to do is only enable PLAIN 
authentication, set up pipe authentication (see tools/pipe-auth.pl for an 
example), implement CHECK-PASSWORD, crypt the password passed to the pipe auth 
script by jabber, and compare that to what's in the database.

Regards
Stephen




More information about the JAdmin mailing list