Is it possible to instruct the jabber/xmpp server to delegate authentication to another module? We are building an internal application using XMPP and it would be fantastic if we could let users keep their standard username/password that they use in our web-apps. The web-apps are currently hashing passwords, and so the passwords in the DB are not stored in plain-text form. It would have been easy to share passwords across systems if this were not the case, but then, of course, storing plain-text passwords in the server-side database is a big no-no.
Ideally we could just tell the jabber server "hey, just pass off your username/authentication request to here" and have some other process running (perhaps even just an xmpp bot?) that handles authentication.
We are currently using ejabberd as our server, which I believe is written in Erlang. We're not tied to ejabberd though. I know that XMPP is huge, and largely extensible – but I haven't found anything about extensible authentication on the server side.
I found this on the XMPP website, but that appears to be the protocol for negotiating authentication between the client and the server, not the actual authentication mechanism on the server.
Any pointers on how to merge authentication schemes between an XMPP server and our other systems?
Best Answer
ejabberd has multiple ways to authenticate. You can use LDAP, for example, if you have an LDAP server for your organisation. This works at my company, and provides a single log in for our wiki, ticket system, etc.
Have a look at the section on authentication in the user guide.