I got SCRAM working with ODBC and saw that it was storing hashed passwords, salts, and iteration counts. But I've noticed that external auth scripts are only given authentication commands with username and password in plain text. There's nothing in the auth script API that asks for the salt or iteration count, passes in the challenge, etc. So can external auth scripts only be used with plain password authentication, or am I misunderstanding something?
Looking for ejabberd docs?
To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »
SCRAM Authentication with External Script?
Nope, no misunderstanding.
Nope, no misunderstanding. External auth is for targeting very basic needs and does not support SCRAM.