powered by Jive Software

Authentication Packet Question

I am trying to get the password of certain Users in my Roster when im logged in as admin user.

I registered a packetListener for my connection like this:

connection = new XMPPConnection(“localhost”);

connection.login(“admin”, “password”);

PacketFilter filter = new PacketTypeFilter(IQ.class);

connection.addPacketListener(this, filter);

Then i send a AuthenticationPacket with Type.GET

Authentication a = new Authentication();

a.setType(IQ.Type.GET);

a.setUsername(“bob”);

Now i would expect that my Listener receives a Packet with Bob’'s login information. But unfortunatly my Listener receives only:

What im trying to do is to copy certain User accounts from the wildfire server to a cms system so users dont need to remember 2 logins. Any suggestions for that without writing a plugin? I’'d like to stay server-indepentend.

Message was edited by: Oberon

Hi Oberon,

I suggest to use LDAP and connect both Wifi and the CMS system to it, so you have one user base and if you add another application it will likely have LDAP support.

Even if you get the message which contains the password it will be hashed, so you’'ll never be able to get it that way. You could export the JIVEUSER table if you are looking for the usernames and passwords …

LG

Thanks for your advice. I know LDAP would be the best solution but i try to stay LDAP independent. Not everyone wants to setup a LDAP server.

Why would the passwords be hashed? They are plain text in the database.

Hi,

are they? With Wifi 2.6.2 (2.6.0+) JM-291 was introduced so one has the option to encrypt them. I don’'t know if you have a security dept, if you have you may ask them about plain-text passwords. So if you disable encrypted passwords in the database you may use SQL to export the user data.

The passwords are not exchanged in plain text over the net and so you will not find them in any packet, you may read http://www.jivesoftware.org/community/thread.jspa?messageID=116487 for some more information.

LG