Enhancement #131

Secure register/sign in and autologin

Added by Vicente J. Ruiz Jurado over 12 years ago. Updated over 11 years ago.

Status: Closed
Priority: High
Assignee: Vicente J. Ruiz Jurado
% Done: 100%
Start date:
Due date:
Category: Common
Target version: -
Resolution: fixed
Tags:

Description

The goal:
- Register accounts
- Sign in with user/pass
- and auto login with a cookie for some days
in both Kune+Wave+XMPP

Also we have to permit XMPP auth to non-Kune/Emite XMPP clients.

The current status:
- Kune/WIAB register users with digest SHA-512 + salt
- auth is plaintext user + pass (see WaveClientSimpleAuthenticator). Aka: We should use HTTPS
- Autologin is done via a hash in a cookie.

A proposed non-secure solution (server specific) is to implement a custom:
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/javadoc/org/jivesoftware/openfire/auth/AuthProvider.html
http://community.igniterealtime.org/thread/35365
and for autologin, try to auth to xmpp with user+cookie-hash as a second option using:
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/javadoc/org/jivesoftware/openfire/auth/HybridAuthProvider.html

This permits normal xmpp use (with external and emite client) and autologin for xmpp also in kune.

Problem: we need to store plain passwords (even with a SASL client I think). See:
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/openfire/auth/DefaultAuthProvider.java
http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/Blowfish.java
http://java-monitor.com/forum/showthread.php?t=453
This is not secure: "But hey, management wants encrypted passwords in the database, management gets encrypted passwords in the database. :-)"

TODO: study a way to make a compatible secure plain+digest AuthProvider compatible with our SHA-512 stored pass...

Work in progress
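An added illustration, not code from Kune or Openfire, of the provider shape the ticket sketches: user+password is verified against a salted SHA-512 record, and user+cookie-token is accepted as a second option. The record layout `sha512$<salt>$<digest>`, the cookie-token storage and all sample values are assumptions; the point it makes concrete is that a digest-only store cannot hand the plain password back, so mechanisms that need it (DIGEST-MD5 style challenge-response) cannot be served from it.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed record format: "sha512$<salt-b64>$<digest-b64>" (assumption, not Kune's real layout).
def make_record(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return "sha512$%s$%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def verify_password(record: str, candidate: str) -> bool:
    """Recompute the salted SHA-512 and compare in constant time."""
    algo, salt_b64, digest_b64 = record.split("$")
    if algo != "sha512":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.sha512(salt + candidate.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)

def hash_cookie_token(token: str) -> str:
    # Only the hash of the autologin token is stored, so a database leak
    # does not yield usable cookies (the token itself is random, so no salt).
    return hashlib.sha512(token.encode("utf-8")).hexdigest()

class HybridAuthProvider:
    """Mirrors the ticket's idea: try user+password first, then user+cookie-token."""
    def __init__(self, password_records: Dict[str, str], cookie_token_hashes: Dict[str, str]):
        self.password_records = password_records      # username -> salted SHA-512 record
        self.cookie_token_hashes = cookie_token_hashes  # username -> sha512(autologin token)

    def supports_password_retrieval(self) -> bool:
        # Only the digest is stored; the plain password cannot be returned, so
        # challenge-response mechanisms that need it cannot use this provider.
        return False

    def authenticate(self, username: str, secret: str) -> bool:
        record = self.password_records.get(username)
        if record is not None and verify_password(record, secret):
            return True
        token_hash = self.cookie_token_hashes.get(username)
        return token_hash is not None and hmac.compare_digest(token_hash, hash_cookie_token(secret))
```

With this shape, SASL PLAIN over TLS can be verified, while retrieval-based mechanisms have to be disabled rather than backed by a plaintext or reversible (Blowfish) store.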

History

#1 Updated by Vicente J. Ruiz Jurado over 11 years ago

  • Resolution set to fixed

This was fixed several months ago.

#2 Updated by Vicente J. Ruiz Jurado over 11 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
