Jabber Server?

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Mon Mar 7 09:11:16 UTC 2005

adrian at lisas.de (Adrian Reber) writes:

>> [... jabber ...]
>> 1) The default password is somehow securely handled.  I didn't read too 
>> carefully, how was this resolved?
> A random password is created during installation.


|      export NEWPASS="$RANDOM-newpass-$RANDOM"
|      cd %{sysconfdir}
|      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router-users.xml
|      %{__perl} -pi -e "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router.xml
|      %{__perl} -pi -e "s,<pass>secret</pass>,<pass>$NEWPASS</pass>,g" *.xml

1. the password is random, but not secure (only 32 bit); you could do

   | dd if=/dev/urandom bs=20 count=1 | sha1sum

   which creates an 80bit password

2. the new password is visible with 'ps'; when you add the dependency on
   'perl' (dunno, if jabber really requires it), you could read it from
   the $NEWPASS environment variable.

   But when 'perl' is not required for jabberd functionality, the entire
   script should be rewritten to remove this dep.


More information about the fedora-extras-list mailing list