I just hate that djabberd gets to know the password of users. I'd like to delegate the SASL part to LDAP or another centralized piece of infrastructure whose job it is. That way the client could connect to jabber without giving away the keys of the house.
client <-> SASL + DIGEST_MD5(auth) <-> djabberd <-> SASL + DIGEST_MD5(auth) <-> LDAP
djabberd effectively acting like a man in the middle.
Does such a thing exist somewhere, or is it just a bad thing? Why?
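The relayed exchange sketched in the question, as an added example that is not part of the original post and is not djabberd or LDAP code: the response is computed as in RFC 2831, and a relay forwards the challenge and the response without ever holding the password. `Backend`, `Relay` and `make_client` are hypothetical names, messages are in-memory dictionaries rather than the wire format, and the backend is assumed to accept the `digest-uri` the client used.

```python
import hashlib, hmac, os

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(user, realm, password, nonce, cnonce, nc, qop, uri):
    """DIGEST-MD5 response value, RFC 2831 section 2.1.2.1."""
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

class Backend:  # hypothetical central authenticator: the only party holding passwords
    def __init__(self, realm, passwords):
        self.realm, self.passwords, self.nonces = realm, passwords, set()
    def challenge(self):
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return {"realm": self.realm, "nonce": nonce, "qop": "auth"}
    def verify(self, r):
        password = self.passwords.get(r["username"])
        if r["nonce"] not in self.nonces or password is None:
            return False
        self.nonces.discard(r["nonce"])  # each nonce is accepted once
        expected = digest_response(r["username"], self.realm, password, r["nonce"],
                                   r["cnonce"], r["nc"], r["qop"], r["digest-uri"])
        return hmac.compare_digest(expected, r["response"])

class Relay:  # the djabberd position: forwards both messages, records what it saw
    def __init__(self, backend):
        self.backend, self.seen = backend, []
    def authenticate(self, client):
        challenge = self.backend.challenge()
        response = client(challenge)
        self.seen += [challenge, response]
        return self.backend.verify(response)

def make_client(user, password, uri="xmpp/example.org"):
    def respond(ch):
        r = {"username": user, "nonce": ch["nonce"], "cnonce": os.urandom(16).hex(),
             "nc": "00000001", "qop": "auth", "digest-uri": uri}
        r["response"] = digest_response(user, ch["realm"], password, r["nonce"],
                                        r["cnonce"], r["nc"], r["qop"], uri)
        return r
    return respond

def demo():
    relay = Relay(Backend("example.org", {"alice": "correct horse"}))  # constructed account
    good, bad = make_client("alice", "correct horse"), make_client("alice", "wrong guess")
    return relay.authenticate(good), relay.authenticate(bad), "correct horse" in repr(relay.seen)
```

The relay never receives the password, but it does see a response derived from it, so the password's strength still matters against offline guessing by whoever observes the exchange.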