Disable Cleartext Authentication?

Would anyone know if this is actually a server property I can set? I have Require encryption set; however, external security scans are still showing “Cleartext authentication” as being allowed.

Remove plain from sasl.mechs. If you’re using Active Directory for authentication, this will likely break authentication for you, unless you add GSSAPI, and your app supports it.

Can you elaborate where that is? I’m not seeing it in System Properties.


Server>Server Manager>System Properties

Hm, that setting doesn’t seem to exist for me. To note, I’m currently using version 3.9.3. What values should be set for the sasl.mechs property?

If it’s not in the database, it might be in the openfire.xml file. Or perhaps if it’s not set, it defaults to plain? I don’t recall, to be honest with you… However, if you want to specify, then just create the property and tell it what you want it to use.

Openfire Properties

I appreciate the assistance. I can only imagine I’m about to break our installation.

Thanks for posting the information about this. I kept forgetting one of the settings and this post helped with pointing out the setting I had neglected to set.
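
One way to confirm what the external scan is reporting, before and after changing sasl.mechs (an added example, not part of the original thread and not Openfire's own code): it parses the `<stream:features/>` stanza an XMPP server sends, in the RFC 6120 format, and flags PLAIN offered on an unencrypted stream. The two sample stanzas are constructed, and `audit_features` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
CLEARTEXT = {"PLAIN", "LOGIN"}  # mechanisms that transmit the password itself

def audit_features(features_xml, tls_active):
    """Return (mechanisms, findings) for one <stream:features/> stanza."""
    root = ET.fromstring(features_xml)
    mechs = [m.text.strip().upper()
             for m in root.iter("{%s}mechanism" % NS_SASL) if m.text]
    starttls = root.find("{%s}starttls" % NS_TLS)
    required = (starttls is not None
                and starttls.find("{%s}required" % NS_TLS) is not None)
    weak = ", ".join(sorted(CLEARTEXT.intersection(mechs)))
    findings = []
    if weak and not tls_active:
        findings.append("cleartext mechanism offered before TLS: " + weak)
    elif weak:
        findings.append("offered inside TLS only (server still sees the password): " + weak)
    if not tls_active and starttls is None:
        findings.append("no STARTTLS offered on an unencrypted stream")
    elif not tls_active and not required:
        findings.append("STARTTLS offered but not required")
    return mechs, findings

# Constructed sample stanzas, not captured from a real server.
STREAM = "xmlns:stream='http://etherx.jabber.org/streams'"
BEFORE = f"""<stream:features {STREAM}>
  <starttls xmlns='{NS_TLS}'/>
  <mechanisms xmlns='{NS_SASL}'>
    <mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism>
  </mechanisms>
</stream:features>"""
AFTER = f"""<stream:features {STREAM}>
  <starttls xmlns='{NS_TLS}'><required/></starttls>
  <mechanisms xmlns='{NS_SASL}'><mechanism>GSSAPI</mechanism></mechanisms>
</stream:features>"""

if __name__ == "__main__":
    for name, xml in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_features(xml, tls_active=False))
```

Pass `tls_active=True` when the stanza was read after the TLS handshake, since PLAIN offered only inside TLS does not put the password on the wire in the clear.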