From 73d1bb12184cd5bc91c5996ecc574149d9637d73 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Dec 2021 16:23:40 +0100 Subject: various: Require encryption by default for real These options have been specified (and enabled) in the default config file for a long time. However if unspecified in the config, they were not enabled. Now they are. This may result in a change of behaviour for people using very old config files that lack the require_encryption options. But that's what we want. --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 212b977a..30d7acfa 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -17,7 +17,7 @@ local errors = require "util.error"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; -local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); +local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true)); local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"}); local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" }); -- cgit v1.2.3 From 067a0ad4d8e8831f5cac75099926d60a7bad6323 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 10 Feb 2022 19:54:14 +0000 Subject: usermanager, mod_saslauth: Default to internal_hashed if no auth module specified The default config was updated in this way long ago, but if no option was present in the config, Prosody would load internal_plain. This change can result in changes (for the better) for people using very old configuration files lacking an 'authentication' setting. --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_saslauth.lua') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 30d7acfa..ab863aa3 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -309,7 +309,7 @@ module:hook("stream-features", function(event) return; end - local authmod = module:get_option_string("authentication", "internal_plain"); + local authmod = module:get_option_string("authentication", "internal_hashed"); if available_mechanisms:empty() then log("warn", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); return; -- cgit v1.2.3