Jabber Server?

Nicolas Mailhot nicolas.mailhot at laposte.net
Mon Mar 7 09:19:16 UTC 2005


On Lun 7 mars 2005 10:11, Enrico Scholz a écrit :
> adrian at lisas.de (Adrian Reber) writes:
>
>>> [... jabber ...]
>>> 1) The default password is somehow securely handled.  I didn't read too
>>> carefully, how was this resolved?
>>
>> A random password is created during installation.
>
> mmh...
>
> |      export NEWPASS="$RANDOM-newpass-$RANDOM"
> |      cd %{sysconfdir}
> |      %{__perl} -pi -e
> "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router-users.xml
> |      %{__perl} -pi -e
> "s,<secret>secret</secret>,<secret>$NEWPASS</secret>,g" router.xml
> |      %{__perl} -pi -e "s,<pass>secret</pass>,<pass>$NEWPASS</pass>,g"
> *.xml
>
> 1. the password is random, but not secure (only 32 bit); you could do
>
>    | dd if=/dev/urandom bs=20 count=1 | sha1sum
>
>    which creates an 80bit password
>
> 2. the new password is visible with 'ps'; when you add the dependency on
>    'perl' (dunno, if jabber really requires it), you could read it from
>    the $NEWPASS environment variable.
>
>    But when 'perl' is not required for jabberd functionality, the entire
>    script should be rewritten to remove this dep.

apg ?


-- 
Nicolas Mailhot




More information about the fedora-extras-list mailing list