Use auth_password_format to determine plain or SCRAM is used

This commit is contained in:
Badlop 2015-07-22 12:24:18 +02:00
parent 4e5fac304a
commit 25a63c6ed1
2 changed files with 7 additions and 10 deletions

View File

@ -171,23 +171,23 @@ configuration along with use cases.
An Auth token is provided as a password. An Auth token is provided as a password.
* **Service implements:** `check_password`, `user_exists` * **Service implements:** `check_password`, `user_exists`
* **ejabberd config:** `password format`: `plain`, `mod_register` disabled * **ejabberd config:** `auth_password format`: `plain`, `mod_register` disabled
* **Client side:** MUST NOT use `DIGEST-MD5` mechanism; use `PLAIN` * **Client side:** MUST NOT use `DIGEST-MD5` mechanism; use `PLAIN`
### Central database of plaintext passwords ### Central database of plaintext passwords
* **Service implements:** `check_password`, `get_password`, `user_exists` * **Service implements:** `check_password`, `get_password`, `user_exists`
* **ejabberd config:** `password format`: `plain`, `mod_register` disabled * **ejabberd config:** `auth_password_format`: `plain`, `mod_register` disabled
* **Client side:** May use any available auth method * **Client side:** May use any available auth method
### Central database able to process SCRAM ### Central database able to process SCRAM
* **Service implements:** `get_password`, `user_exists` * **Service implements:** `get_password`, `user_exists`
* **ejabberd config:** `password format`: `scram`, `mod_register` disabled * **ejabberd config:** `auth_password_format`: `scram`, `mod_register` disabled
* **Client side:** May use any available auth method * **Client side:** May use any available auth method
### All-included ### All-included
* **Service implements:** all methods * **Service implements:** all methods
* **ejabberd config:** `password format`: `scram` (recommended) or `plain`, `mod_register` enabled * **ejabberd config:** `auth_password_format`: `scram` (recommended) or `plain`, `mod_register` enabled
* **Client side:** May use any available auth method * **Client side:** May use any available auth method

View File

@ -65,12 +65,9 @@ start(Host) ->
plain_password_required() -> plain_password_required() ->
false. false.
-spec store_type(binary()) -> plain | scram. -spec store_type() -> plain | scram.
store_type(Server) -> store_type() ->
case scram2:enabled(Server) of ejabberd_auth_odbc:store_type().
false -> plain;
true -> scram
end.
-spec check_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> boolean(). -spec check_password(ejabberd:luser(), ejabberd:lserver(), binary()) -> boolean().
check_password(LUser, LServer, Password) -> check_password(LUser, LServer, Password) ->