[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Jabber Server?



adrian lisas de (Adrian Reber) writes:

>> [... jabber ...]
>> 1) The default password is somehow securely handled.  I didn't read too 
>> carefully, how was this resolved?
>
> A random password is created during installation.

mmh...

|      export NEWPASS="$RANDOM-newpass-$RANDOM"
|      cd %{sysconfdir}
|      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router-users.xml
|      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router.xml
|      %{__perl} -pi -e "s,<pass>secret</pass>,<pass>$NEWPASS</pass>,g" *.xml

1. the password is random, but not secure (only 32 bit); you could do

   | dd if=/dev/urandom bs=20 count=1 | sha1sum

   which creates an 80bit password

2. the new password is visible with 'ps'; when you add the dependency on
   'perl' (dunno, if jabber really requires it), you could read it from
   the $NEWPASS environment variable.

   But when 'perl' is not required for jabberd functionality, the entire
   script should be rewritten to remove this dep.



Enrico


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]