3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-15 00:19:29 +01:00

recommended default: advertise SCRAM

Fixes #1782
This commit is contained in:
Shivaram Lingamneni 2023-01-11 09:10:25 -05:00
parent 1e6dee15b2
commit 46d32520c7
3 changed files with 9 additions and 2 deletions

View File

@ -450,6 +450,10 @@ accounts:
# this is useful for compatibility with old clients that don't support SASL # this is useful for compatibility with old clients that don't support SASL
login-via-pass-command: true login-via-pass-command: true
# advertise the SCRAM-SHA-256 authentication method. set to false in case of
# compatibility issues with certain clients:
advertise-scram: true
# require-sasl controls whether clients are required to have accounts # require-sasl controls whether clients are required to have accounts
# (and sign into them using SASL) to connect to the server # (and sign into them using SASL) to connect to the server
require-sasl: require-sasl:

View File

@ -303,7 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e
type AccountConfig struct { type AccountConfig struct {
Registration AccountRegistrationConfig Registration AccountRegistrationConfig
AuthenticationEnabled bool `yaml:"authentication-enabled"` AuthenticationEnabled bool `yaml:"authentication-enabled"`
AdvertiseSCRAM bool `yaml:"advertise-scram"` // undocumented, see #1782 AdvertiseSCRAM bool `yaml:"advertise-scram"`
RequireSasl struct { RequireSasl struct {
Enabled bool Enabled bool
Exempted []string Exempted []string
@ -1390,7 +1390,6 @@ func LoadConfig(filename string) (config *Config, err error) {
} }
saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256" saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256"
// TODO(#1782) clean this up:
if !config.Accounts.AdvertiseSCRAM { if !config.Accounts.AdvertiseSCRAM {
saslCapValue = "PLAIN,EXTERNAL" saslCapValue = "PLAIN,EXTERNAL"
} }

View File

@ -423,6 +423,10 @@ accounts:
# this is useful for compatibility with old clients that don't support SASL # this is useful for compatibility with old clients that don't support SASL
login-via-pass-command: false login-via-pass-command: false
# advertise the SCRAM-SHA-256 authentication method. set to false in case of
# compatibility issues with certain clients:
advertise-scram: true
# require-sasl controls whether clients are required to have accounts # require-sasl controls whether clients are required to have accounts
# (and sign into them using SASL) to connect to the server # (and sign into them using SASL) to connect to the server
require-sasl: require-sasl: