Hello,
I am evaluating ejabberd 2 for my site. We have OpenLDAP for our user accounts, with passwords stored as SSHA hashes.
Is it possible to do a simple bind to authenticate users and thus avoid having to store the Manager's password in cleartext in the config file? So if the server is compromised, the attacker won't have full access to our LDAP tree.
Maybe I can use SASL or PAM to avoid this?
Thanks,
oduesp
oduesp wrote:
Maybe I can use SASL or PAM to avoid this?
Maybe.
You can also write your custom extauth script, and configure ejabberd to use it. You can write that script in any language you prefer, and perform any auth method you want.
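As an added example (not part of the reply above, and not ejabberd's own code), here is one way such an extauth script could authenticate by simple bind as the user, so no Manager password is stored. It assumes ejabberd's extauth framing (2-byte big-endian length, then `auth:user:server:password`), the third-party `ldap3` library, and a placeholder server URI and DN layout.

```python
import struct
import sys
LDAP_URI = "ldaps://ldap.example.org"            # assumption: placeholder server
USER_DN = "uid={},ou=People,dc=example,dc=org"   # assumption: placeholder DIT layout

def escape_dn_value(value):
    """Escape RFC 4514 special characters so a username cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value).replace("\x00", "\\00")
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def read_request(stream):
    """Read one length-prefixed request; return its fields, or None at EOF."""
    header = stream.read(2)
    if len(header) < 2:
        return None
    (size,) = struct.unpack(">H", header)
    return stream.read(size).decode("utf-8", "replace").split(":", 3)

def write_result(stream, ok):
    """Reply with a 2-byte length (always 2) and a 2-byte result (1 = ok, 0 = denied)."""
    stream.write(struct.pack(">HH", 2, 1 if ok else 0))
    stream.flush()

def ldap_simple_bind(dn, password):
    """Bind as the user; the context manager binds on entry and unbinds on exit."""
    from ldap3 import Connection, Server  # assumption: ldap3 is installed
    with Connection(Server(LDAP_URI), user=dn, password=password) as conn:
        return conn.bound

def handle(fields, bind=ldap_simple_bind):
    """Return True only for an 'auth' request whose bind succeeds."""
    if len(fields) != 4 or fields[0] != "auth":
        return False  # isuser, setpass etc. would need a search account; refused here
    _, user, _server, password = fields
    if not user or not password:
        return False  # an empty password is an unauthenticated bind, which may "succeed"
    try:
        return bool(bind(USER_DN.format(escape_dn_value(user)), password))
    except Exception:
        return False  # fail closed on any LDAP or network error

if __name__ == "__main__":
    while (req := read_request(sys.stdin.buffer)) is not None:
        write_result(sys.stdout.buffer, handle(req))
```

Because the script only answers `auth`, operations that look a user up without a password are denied; supporting them would require a low-privilege search account rather than the Manager DN.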