The custom database integration explained here https://www.igniterealtime.org/builds/openfire/docs/latest/documentation/db-integration-guide.html is useful for providing XMPP service for an already established user base. With this we tried to provide our e-mail (Dovecot) user base with Openfire accounts but failed because of missing password hash support in “JDBCAuthProvider.PasswordType”. For security reasons we use salted SHA512, which is standard on new Linux distributions, as explained here: http://www.akkadia.org/drepper/SHA-crypt.txt.
Would it be possible to include this feature in upcoming releases, maybe by simply integrating a recent Apache Commons lib which already includes the new crypt password hashes, Crypt (Apache Commons Codec 1.10 API)?
Looks like Openfire doesn’t know about salted hashes at all? The passwords for the internal users are also only hashed, not salted, from what I can see. So this would be a somewhat bigger feature request for Openfire: supporting salted hashes for secure password storage. Is there some better place or maybe even a possibility for funding/supporting such a request? I guess it would be useful for all Openfire users to get a decent password hashing method, no?
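An added example, not part of the original post and not Openfire code: verifying a password against a stored SHA-512 crypt (`$6$`) string with the Apache Commons Codec `Crypt` class the post mentions, next to an unsalted SHA-512 digest for contrast. It assumes commons-codec 1.10 or later on the classpath and that the stored value may carry Dovecot's `{SHA512-CRYPT}` scheme prefix; the class name, passwords and salts are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.apache.commons.codec.digest.Crypt;
import org.apache.commons.codec.digest.DigestUtils;

public class Sha512CryptCheck {

    // Drop a leading "{SCHEME}" marker such as "{SHA512-CRYPT}" if present (assumed storage format).
    static String stripScheme(String stored) {
        int end = stored.indexOf('}');
        return (stored.startsWith("{") && end > 0) ? stored.substring(end + 1) : stored;
    }

    // The salt (and optional rounds=N) is part of the stored string, so the stored
    // value itself is passed as the "salt" argument and the result is compared to it.
    static boolean verify(String password, String stored) {
        String expected = stripScheme(stored);
        if (!expected.startsWith("$6$")) {
            return false; // this sketch only handles SHA-512 crypt
        }
        String actual = Crypt.crypt(password, expected);
        // MessageDigest.isEqual avoids an early-exit string comparison
        return MessageDigest.isEqual(
                actual.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample data: two users who chose the same password.
        String pw = "correct horse battery";
        String alice = "{SHA512-CRYPT}" + Crypt.crypt(pw, "$6$AliceSalt0000001");
        String bob = "{SHA512-CRYPT}" + Crypt.crypt(pw, "$6$BobSalt000000002");

        System.out.println("alice verifies: " + verify(pw, alice));
        System.out.println("wrong password: " + verify("wrong", alice));

        // Salted: identical passwords produce different stored strings.
        System.out.println("salted values equal: " + alice.equals(bob));

        // Unsalted: identical passwords produce identical digests, so one
        // precomputed table or one cracked entry covers every such account.
        String unsaltedAlice = DigestUtils.sha512Hex(pw);
        String unsaltedBob = DigestUtils.sha512Hex(pw);
        System.out.println("unsalted values equal: " + unsaltedAlice.equals(unsaltedBob));
    }
}
```

A plain hex comparison of `SHA-512(password)` against the database column cannot match a `$6$` value, because the stored string encodes the salt and round count that must be fed back into the computation.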