Table of Contents

mod_auth_internal_hashed

This is an authentication provider module for Prosody 0.8+ that stores passwords in the configured data store, in hashed form.

Usage

Required reading

Hashing passwords in the data store protects them from immediate use by anyone with access to the store, as the original password cannot be easily recovered. This is in general good for security, but has some implications you should be aware of:

With the last point in mind, think carefully about whether it is easier for you to secure your server or secure and educate all your users. :-)

"The user's going to pick dancing pigs over security every time." – Bruce Schneier

For a more thorough discussion on these issues, see our article "Plain or hashed?".

Activating

When you first activate hashed storage, user accounts will automatically be upgraded from plain to hashed one-by-one as they log in.

In your config file, put:

    authentication = "internal_hashed"

This can be set globally or per-host.