[standards-jig] Account registration and SASL
rob at cataclysm.cx
Sun Jun 9 10:12:33 UTC 2002
> > In the first case, perhaps the client should send a register packet
> > containing only a username, eg:
> > <iq id='a1' type='set'>
> > <query xmlns='jabber:iq:register'>
> > <username>rob</username>
> > </query>
> > </iq>
> > The server would create an account with no credentials. The client would
> > then be required to authenticate using the PLAIN mechanism, which the
> > server would store for future logins.
> > Alternatively, the client could simply attempt to authenticate using
> > PLAIN, and if the user doesn't exist, the server creates it.
> Why are those changes better than the current mechanism? Personally I
> think the current mechanisms are well suited to simple open/public
> servers. If they need to be further enhanced can x:data (JEP4) solve
Just thinking out louder. One way or another, registering directly
requires the client to send a password over the wire. There's nothing we
can do about it.
Robert Norris GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx Web: http://cataclysm.cx/
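
An added example, not part of the original message: a small model of the flow quoted above, where a username-only registration is followed by a first SASL PLAIN exchange that sets the credential. The class and function names are hypothetical, the PLAIN message layout follows RFC 4616, and the PBKDF2 storage is an assumption the thread does not specify. It also shows that the PLAIN response is only base64-encoded, so the password is readable on the wire unless the stream is encrypted.

```python
import base64, hashlib, hmac, os

def plain_initial_response(authcid, password, authzid=""):
    """Client side: RFC 4616 message (authzid NUL authcid NUL passwd), base64-encoded."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(b64):
    """Server side: decode the response and split it, rejecting malformed input."""
    try:
        parts = base64.b64decode(b64, validate=True).decode("utf-8").split("\0")
    except ValueError:  # covers bad base64 and bad UTF-8
        raise ValueError("malformed PLAIN response") from None
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN response")
    return tuple(parts)

class AccountStore:
    """Hypothetical server-side store for the proposal in the quoted text."""

    def __init__(self):
        # username -> None (registered, no credentials yet) or (salt, digest)
        self.accounts = {}

    def register(self, username):
        """The username-only jabber:iq:register step: account with no credentials."""
        if username in self.accounts:
            return False
        self.accounts[username] = None
        return True

    @staticmethod
    def _digest(password, salt):
        # Assumption: store a salted PBKDF2 digest, never the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def authenticate_plain(self, b64):
        _authzid, user, password = parse_plain(b64)
        if user not in self.accounts:
            return False
        cred = self.accounts[user]
        if cred is None:
            # First PLAIN exchange after registration fixes the credential.
            salt = os.urandom(16)
            self.accounts[user] = (salt, self._digest(password, salt))
            return True
        salt, digest = cred
        return hmac.compare_digest(digest, self._digest(password, salt))
```
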