Alexander Leidinger

Just another weblog


One-Time-Passwords for XMPP/Jabber?

I am searching for a way to use one-time passwords for Jabber/XMPP (ejabberd) on FreeBSD. I do not want to use PAM (local users on the machine). Currently I use the internal authentication, and I expect that not all users of the Jabber server will use OTP if available, so the problem case is not that easy (migrating existing users to a new solution can be done by changing the password myself and then telling them to change their password, but there needs to be a way to let them change the non-OTP password).

I assume that OTP is not foreseen in the XMPP protocol, so where could I ask to have something like that considered as an extension (if such a place exists at all)?

Oh, yes, sending the passwords over SSL is not an option (that is already the only way to log in there). The goals are to have

  • an easy-to-remember password for an OTP app on the mobile to generate the real password
  • the password expire fast, so that a stolen password does not cause much harm
  • not the same login password for different services (mail-pw != jabber-pw != user-pw)