
JDBCAuthProvider and Digest passwords, SASL Authentication

If you use JDBCAuthProvider to integrate with an external database and use digest (MD5, SHA) as the passwordType, then you are not allowed to authenticate users using digest authentication!

This means you have only PLAIN, which is clearly not acceptable.

Can someone explain why there is this limitation, as surely databases always store passwords hashed for security and this should not limit me to an insecure XMPP client login!

As I am writing my own XMPP client to connect to a custom server I can get round this by setting passwordType to PLAIN and hashing my password at the client end. This allows me to use DIGEST authentication for NON-SASL authentication.

I would like however to use SASL DIGEST authentication which should be allowed with an authentication server that doesn’t know the plain text password, surely?

I’m sure some security expert can give me the correct answer.
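
The SASL DIGEST-MD5 response calculation from RFC 2831, as an added example that is not part of the original post and is not the server's own code. It shows what a server has to hold in order to check a response; the user, realm, nonces, digest-uri and the plain-MD5 column format are constructed assumptions.

```python
import hashlib
import hmac

def ha1(username, realm, secret):
    """H(username:realm:secret), the only password-derived input (16 raw bytes)."""
    return hashlib.md5(f"{username}:{realm}:{secret}".encode()).digest()

def response(ha1_raw, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 response-value (no authzid), computed from H(user:realm:secret)."""
    a1 = ha1_raw + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = ":".join([hashlib.md5(a1).hexdigest(), nonce, nc, cnonce, qop,
                   hashlib.md5(a2).hexdigest()])
    return hashlib.md5(kd.encode()).hexdigest()

def verify(stored_ha1, client_response, **challenge):
    """Server side: recompute from the stored value, compare in constant time."""
    return hmac.compare_digest(response(stored_ha1, **challenge), client_response)

# Constructed sample values, not taken from the post.
USER, REALM, PASSWORD = "alice", "example.org", "correct horse"
CHALLENGE = dict(nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
                 nc="00000001", digest_uri="xmpp/example.org")

def demo():
    # A standard client derives its response from the plaintext password.
    client = response(ha1(USER, REALM, PASSWORD), **CHALLENGE)
    # Assumed storage format: a column holding hex MD5(password).
    db_md5 = hashlib.md5(PASSWORD.encode()).hexdigest()
    # The workaround from the post: the client hashes first, so the stored
    # hash itself is the secret both sides feed into the exchange.
    prehashed = response(ha1(USER, REALM, db_md5), **CHALLENGE)
    return {
        # Column holds H(user:realm:password): verifies without plaintext.
        "ha1_column": verify(ha1(USER, REALM, PASSWORD), client, **CHALLENGE),
        # Column holds MD5(password): H(user:realm:password) cannot be derived.
        "md5_column": verify(ha1(USER, REALM, db_md5), client, **CHALLENGE),
        # Client pre-hash: verifies, with the stored hash acting as the password.
        "client_prehash": verify(ha1(USER, REALM, db_md5), prehashed, **CHALLENGE),
    }

if __name__ == "__main__":
    print(demo())
```
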