mod_auth_internal_plain

An authentication provider that uses plaintext passwords in Prosody's configured data store. This was the default authentication provider in the past.

There is no special configuration for this provider.

Note that although passwords are stored in plaintext, the filesystem permissions in our packages prevent access to them from any user except prosody and root. Please see our comparison between the plain and hashed providers for more information.

Because passwords are stored in plain text, both SCRAM-SHA-1 and SCRAM-SHA-256 are offered to clients. If you later switch to mod_auth_internal_hashed, note that only one of these authentication methods will be retained.

This may lead to some clients being locked out due to the apparent downgrade attack of one of the methods disappearing.