One-Time-Passwords for XMPP/Jabber?

I am searching for a way to use one-time passwords for Jabber/XMPP (ejabberd) on FreeBSD. I do not want to use PAM (local users on the machine). Currently I use the internal authentication, and I expect that not all users of the Jabber server will use OTP if available, so the problem case is not that easy (migrating existing users to a new solution can be done by changing the password myself and then telling them to change their password, but there needs to be a way to let them change the non-OTP password).

I assume that OTP is not foreseen in the XMPP protocol, so where could I ask to have something like that considered as an extension (if such a place exists at all)?

Oh, yes, sending the passwords over SSL is not an option (that is already the only way to log in there). The goals are to have

  • an easy-to-remember password for an OTP app on the mobile to generate the real password
  • the password expire fast, so that a stolen password does not cause much harm
  • not the same login-password for different services (mail-pw != jabber-pw != user-pw)
