Hi there,
I have JWChat, Ejabberd, IIS working with MSSQL.
Since our current database table stores only password hash, I need to revise ejabberd_auth_odbc.erl to compare against the hash.
I found out check_password(User, Server, Password, StreamID, Digest) ->
is the place where authorization happens.
Digest == sha:sha(StreamID ++ Passwd);
is the acutal place.
I printed Digest, it seems to a hashed value. I printed the parameter Password, it's empty string. I don't know when & where this digest gets created.
If I can skip the Digest generation part, just pass in the password, then hash it, and compare it against the DB password hash, that will be great.
Can anyone help me understand the flow of authorization?
Jing
