Jabber Server?
Nicolas Mailhot
nicolas.mailhot at laposte.net
Mon Mar 7 09:19:16 UTC 2005
On Lun 7 mars 2005 10:11, Enrico Scholz a écrit :
> adrian at lisas.de (Adrian Reber) writes:
>
>>> [... jabber ...]
>>> 1) The default password is somehow securely handled. I didn't read too
>>> carefully, how was this resolved?
>>
>> A random password is created during installation.
>
> mmh...
>
> | export NEWPASS="$RANDOM-newpass-$RANDOM"
> | cd %{sysconfdir}
> | %{__perl} -pi -e
> "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router-users.xml
> | %{__perl} -pi -e
> "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router.xml
> | %{__perl} -pi -e "s,<pass>secret</pass>,<pass>$NEWPASS</pass>,g"
> *.xml
>
> 1. the password is random, but not secure (only 32 bit); you could do
>
> | dd if=/dev/urandom bs=20 count=1 | sha1sum
>
> which creates an 80bit password
>
> 2. the new password is visible with 'ps'; when you add the dependency on
> 'perl' (dunno, if jabber really requires it), you could read it from
> the $NEWPASS environment variable.
>
> But when 'perl' is not required for jabberd functionality, the entire
> script should be rewritten to remove this dep.
apg ?
--
Nicolas Mailhot
More information about the fedora-extras-list
mailing list