[jadmin] Re: Problems with PGSQL auth
Stephen Marquard
scm at marquard.net
Thu Aug 25 14:48:34 CDT 2005
Wilfredo I. Pachon Lopez wrote:
>>What auth mechanisms are you trying to use? If you describe what you'd like to
>>happen and how you're trying to do it, perhaps someone can help.
>>
>
> What I need is to authenticate my jabber user against a DB that supports my
> IMAP/SMTP mail.
>
> This is the part in my c2s.xml with the auth mech:
>
> <traditional>
> <plain/>
> <digest/>
> <zerok/>
> </traditional>
>
> What is the best for my case?
>
>
>>Have you defined custom SQL queries in c2s.xml ?
>
>
> Yes, I'm using the following custom SQL query to retrieve the user info:
>
> <sql>
> <select>SELECT CRYPT(account_pwd) AS password, 0 AS hash, 0 AS token, 0 AS
> sequence FROM phpgw_accounts WHERE account_lid = '%s' AND dominio =
> '%s'</select>
> </sql>
>
> Update, Delete I don't need because the password change and creating/deleting
> users is done by another application.
>
> CRYPT is a pl/perl function that encrypts the password using a custom "salt".
>
c2s expects to get the password in plain text (so it can use auth mechanisms
like digest). I'm not sure if account_pwd is plaintext or not in your database.
If it is, then don't CRYPT() it. If it isn't, then you're crypting it twice.
If it's a reversible crypt function, then you can decrypt it for jabber. If it's
a one-way hash algorithm, then what you probably want to do is only enable PLAIN
authentication, set up pipe authentication (see tools/pipe-auth.pl for an
example), implement CHECK-PASSWORD, crypt the password passed to the pipe auth
script by jabber, and compare that to what's in the database.
Regards
Stephen
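
Added example, not part of the original message and not jabberd2's own code: a pipe-auth handler sketch for the one-way-hash case described above, which hashes the password c2s passes in and compares it with the stored value. Assumptions: the line protocol (capability banner, `CHECK-PASSWORD user base64-password realm`, `OK`/`NO` replies) is recalled from jabberd2's sample script and should be checked against tools/pipe-auth.pl; `site_crypt`, `SITE_SALT` and `ACCOUNTS` are hypothetical stand-ins for the site's CRYPT() function and the phpgw_accounts lookup.

```python
import base64
import hashlib
import hmac
import sys

SITE_SALT = b"constructed-salt"  # placeholder, not a value from the post


def site_crypt(password: bytes) -> str:
    """Hypothetical stand-in for the site's one-way CRYPT() function."""
    return hashlib.pbkdf2_hmac("sha256", password, SITE_SALT, 100_000).hex()


# Constructed sample data standing in for the phpgw_accounts lookup,
# keyed by (account_lid, dominio) and holding the already-hashed password.
ACCOUNTS = {("alice", "example.org"): site_crypt(b"correct horse")}


def handle(line: str) -> str:
    """Answer one request line with OK or NO (assumed reply format)."""
    parts = line.split()
    cmd, args = (parts[0].upper(), parts[1:]) if parts else ("", [])
    if cmd == "USER-EXISTS" and len(args) == 2:
        return "OK" if (args[0], args[1]) in ACCOUNTS else "NO"
    if cmd == "CHECK-PASSWORD" and len(args) == 3:
        user, b64_password, realm = args
        try:
            supplied = base64.b64decode(b64_password, validate=True)
        except ValueError:  # malformed base64
            return "NO"
        # Hash the supplied password once, exactly as the database did,
        # and do so for unknown users too so both paths cost the same.
        candidate = site_crypt(supplied)
        stored = ACCOUNTS.get((user, realm))
        if stored is not None and hmac.compare_digest(candidate, stored):
            return "OK"
    return "NO"  # wrong password, unknown user, or unsupported command


def main() -> None:
    # Advertise only what is implemented; GET-PASSWORD is left out because
    # a one-way hash cannot be turned back into the plaintext.
    print("OK USER-EXISTS CHECK-PASSWORD FREE", flush=True)
    for line in sys.stdin:
        if line.split()[:1] == ["FREE"]:
            break
        print(handle(line), flush=True)


if __name__ == "__main__":
    main()
```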