Package: jabber Version: 1.4.3-3.4 Severity: normal The default configuration stores passwords as plaintext. The alternative would be to use SHA1 hashsums in combination with SSL connection. However, in this case, the registration of new users omits the password field, which means that the registration is not possible anymore. As I couldn't find any information about the expected format of the SHA1 hashes, and the sources are very bizarre (no mention of salts in the SHA1 part), it means that users can also not be created manually.
As a direct consequence, I've had to revert to plain text passwords for the spool. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
