I see that ejabberd provides a adhoc command to query to password of a user, so it must store that password somewhere. OpenFire seems to do the same. What is going on here? Is there some XMPP requirement that needs to be accommodated? Isn't it good practice to hash passwords?
Looking for ejabberd docs?
To access the most up-to-date ejabberd documentation, please visit docs.ejabberd.im »
Why is the password not hashed?
Submitted by miracle2k on Sun, 2010-01-24 17:26
http://www.ejabberd.im/plaint
http://www.ejabberd.im/plaintext-passwords-db
Right, so it's now my
Right, so it's now my understanding that the server needs to be able to access the password in order to support auth mechanisms like CRAM-MD5.
FWIW, I think the answer given in the linked FAQ entry makes this anything than clear.