Room Authentication

Hi

I am not sure if its a strange behavior but any user who is registered with prosody can login to any room as the host . And by default they are made moderator. Assuming if 4-5 people had logged in initially into their room with user ID and Pwd and now login to a new room they are still able to do so without any user id and pwd and are also set as moderator.

My assumption was the room host would be with the one who is registered and he needs to be the moderator. But the Host User Name and PWD which is authenticated by Prosody allows any user registered in prosody .

Is their any thing needed to tie the room name with the host and host mapped to prosody aithentication

pls guide

As moderator sometimes not able to kick the user who has been logged in using his user id and pwd which is stored in cookie

Thanks
Naveen

@damencho any guidance on this