powered by Jive Software

External DB with sha256 and salt

Hi, I want to use a external database of users that I have but the password is of the form

passwordHash = sha256(password + salt)

and I followed this page Custom Database Integration Guide but I don’t know how to configure it for my case.

In this post from 2007 authentication-sha1-and-salt they modify the source code but I want to know if there is a simpler solution than that, maybe a plug in or something

There are some possibly better instructions in the source at https://github.com/igniterealtime/Openfire/blob/master/src/java/org/jivesoftware/openfire/auth/JDBCAuthProvider.java
but I think in your case the key thing is to ensure that

jdbcAuthProvider.passwordType = sha256

To ensure that the password is properly hashed.

Greg

Yes I set the type to sha256 but what I need to do is to concatenate the user password and the salt

Example:

userPassword : "superSecretWord*49" // received from user when login
salt : "alsdjfu1234goiwu08234¨Ç!Q!$!" // received from database
hasedPassword :  sha256 ( "superSecretWord*49alsdjfu1234goiwu08234¨Ç!Q!$!" )

So I need to tell the XMPP server to take the password the user is giving and append the salt that is stored in the database.

Ah, I see. In which case you’ll have to write your own provider, as I think it’s beyond the capabilities of the one provided by Openfire. You could probably use the Openfire one as a starting point for 90% of the necessary functionality, though.

That was what they suggested in the other post and I wanted to avoid that because I need to read and understand the code you mention this and modify it.

I ask again because the post was from 2007 and I wanted to see if that was added since.

But I think I have no other option. Thanks anyway.