annotate mod_sasl_ssdp/README.markdown @ 5925:32d1abb89dfe

mod_rest: Reject password that fails saslprep earlier (thanks tgy)

Prevents an error later if/when passing the password through saslprep a second time in the authentication module, since the prep functions now reject nil

The error reporting could be improved but that would involve adding a way to pass errors back out of the check_credentials() function.
author Kim Alvefur <zash@zash.se>
date Thu, 04 Jul 2024 16:06:32 +0200
parents 61bee1be6db3
children
rev   line source
5773
3a7349aa95c7 mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 ---
2 labels:
3 - 'Stage-Alpha'
4 summary: 'XEP-0474: SASL SCRAM Downgrade Protection'
5 ...
6
7 Introduction
8 ============
9
10 This module implements the experimental XEP-0474: SASL SCRAM Downgrade
11 Protection. It provides an alternative downgrade protection mechanism to
12 client-side pinning which is currently the most common method of downgrade
13 protection.
14
15 **Note:** This module implements version 0.3.0 of XEP-0474. As of 2023-12-05,
16 this version is not yet published on xmpp.org. Version 0.3.0 of the XEP is
5875
61bee1be6db3 mod_sasl_ssdp: Add go-sendxmpp to clients supporting XEP-0474.
Martin Dosch <martin@mdosch.de>
parents: 5773
diff changeset
17 implemented in Monal 6.0.1 and go-sendxmpp 0.8.0. No other clients are currently
18 known to implement the XEP at the time of writing.
5773
3a7349aa95c7 mod_sasl_ssdp: New module implementing XEP-0474 SASL SCRAM Downgrade Protection
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19
20 # Configuration
21
22 There are no configuration options for this module, just load it as normal.
23
24 # Compatibility
25
26 For SASL2 (XEP-0388) clients, it is compatible with the mod_sasl2 community module.
27
28 For clients using RFC 6120 SASL, it requires Prosody trunk 33e5edbd6a4a or
29 later. It is not compatible with Prosody 0.12 (it will load, but simply
30 won't do anything) for "legacy SASL".