diff -uNr jabberd-1.4.3.ori/jabber.xml jabberd-1.4.3/jabber.xml
--- jabberd-1.4.3.ori/jabber.xml	2003-11-13 19:53:46.000000000 +0100
+++ jabberd-1.4.3/jabber.xml	2004-12-01 23:45:10.496092816 +0100
@@ -326,6 +326,10 @@
       <!-- mod_auth_digest: Password in clear text in storage,
            encrypted/hashed on the wire -->
       <mod_auth_digest>./jsm/jsm.so</mod_auth_digest>
+      <!-- mod_auth_krb5pw: Allows authentication using AD/krb5 passwords
+           It should be used only with SSL/TLS connections until a real
+           krb5 auth module (and client) exists -->
+      <mod_auth_krb5pw>./jsm/jsm.so</mod_auth_krb5pw>
       <!-- mod_auth_plain: Password in clear text in storage
            and on the wire. Disable this if you do not use clients
            that need plaintext auth -->
diff -uNr jabberd-1.4.3.ori/jsm/Makefile jabberd-1.4.3/jsm/Makefile
--- jabberd-1.4.3.ori/jsm/Makefile	2003-11-07 16:42:00.000000000 +0100
+++ jabberd-1.4.3/jsm/Makefile	2004-12-01 23:33:27.764924192 +0100
@@ -22,6 +22,7 @@
 	modules/mod_admin.o \
 	modules/mod_announce.o \
 	modules/mod_auth_crypt.o \
+	modules/mod_auth_krb5pw.o \
 	modules/mod_auth_plain.o \
 	modules/mod_auth_digest.o \
 	modules/mod_auth_0k.o \
diff -uNr jabberd-1.4.3.ori/jsm/modules/Makefile jabberd-1.4.3/jsm/modules/Makefile
--- jabberd-1.4.3.ori/jsm/modules/Makefile	2003-10-14 01:56:45.000000000 +0200
+++ jabberd-1.4.3/jsm/modules/Makefile	2004-12-01 23:33:34.210944248 +0100
@@ -8,6 +8,7 @@
 	mod_admin.o \
 	mod_announce.o \
 	mod_auth_crypt.o \
+	mod_auth_krb5pw.o \
 	mod_auth_plain.o \
 	mod_auth_digest.o \
 	mod_auth_0k.o \
diff -uNr jabberd-1.4.3.ori/jsm/modules/mod_auth_krb5pw.c jabberd-1.4.3/jsm/modules/mod_auth_krb5pw.c
--- jabberd-1.4.3.ori/jsm/modules/mod_auth_krb5pw.c	1970-01-01 01:00:00.000000000 +0100
+++ jabberd-1.4.3/jsm/modules/mod_auth_krb5pw.c	2004-12-01 23:38:42.987003152 +0100
@@ -0,0 +1,46 @@
+#include "jsm.h"
+
+mreturn mod_auth_krb5pw_jane(mapi m, void *arg)
+{
+    char *pass;
+
+    log_debug("mod_auth_krb5pw","checking");
+
+    if(jpacket_subtype(m->packet) == JPACKET__GET)
+    { /* type=get means we flag that the server can do plain-text auth */
+        xmlnode_insert_tag(m->packet->iq,"password");
+        return M_PASS;
+    }
+
+    if((pass = xmlnode_get_tag_data(m->packet->iq, "password")) == NULL)
+        return M_PASS;
+
+/* pass : is the password filled by the user */
+/* m->user->pass : what the hell it is !! */
+/* So, attempt krb5_init with pass !!! */
+    /* if there is a password avail, always handle */
+    if(m->user->pass != NULL)
+    {
+        if(strcmp(pass, m->user->pass) != 0)
+/*
+            jutil_error(m->packet->x, TERROR_AUTH);
+*/
+            jutil_error(m->packet->x, (terror){401,"Comparacion chunga"});
+        else
+            jutil_iqresult(m->packet->x);
+        return M_HANDLED;
+    }
+
+    log_debug("mod_auth_krb5pw","No user->pass field and no xdb available");
+    jutil_error(m->packet->x, (terror){401,"Unauthorized"});
+    return M_HANDLED;
+}
+
+void mod_auth_krb5pw(jsmi si)
+{
+    log_debug("mod_auth_krb5pw","init");
+
+    js_mapi_register(si, e_AUTH, mod_auth_krb5pw_jane, NULL);
+    /* Allowed users are only AD/krb5 ones, so no e_REGISTER */
+    /* Password changes handled with AD/krb5 methods, so no e_SERVER */
+}