[Pidgin] #5213: cyrus-SASL support breaks XMPP DIGEST-MD5 auth for jabberd2 with gSASL

Pidgin trac at pidgin.im
Wed Mar 19 13:42:48 EDT 2008 

#5213: cyrus-SASL support breaks XMPP DIGEST-MD5 auth for jabberd2 with gSASL
---------------------+------------------------------------------------------
  Reporter:  marty   |       Owner:  deryni   
      Type:  defect  |      Status:  new      
  Priority:  minor   |   Milestone:           
 Component:  XMPP    |     Version:  2.4.0    
Resolution:          |    Keywords:  SASL auth
   Pending:  0       |  
---------------------+------------------------------------------------------
Comment (by marty):

 yuck... I'll try again w/ code wikiformatting

 {{{
 The password is alphanumeric.  There aren't any non-ascii characters.

 It is interesting to note that Pidgin did not fall back to any other
 available auth mechanism after SASL:DIGEST-MD5 failed.  In addition to
 SASL:PLAIN, the server offered traditional jabber auth methods.

 Curious - Why do you want to see the handshake from a non-Pidgin working
 client?

 I played with JBother a bit, and it seems to succeed in connecting by
 falling back to an alternate mechanism.  But, when I forced SASL:DIGEST-
 MD5 by disabling everything else on the server, it fails.  When I sniff
 the transaction, it appears to be insisting on iq:auth instead of SASL,
 which is disabled.

 I then installed Psi, and sniffed the following successful auth
 transaction:

  "Request: <?xml version="1.0"?>"
  "Response: <?xml version='1.0'?><stream:stream
 xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
 from='linklocker.com' version='1.0'
 id='jrj0vkyc7rwnr7q8ig8a324xnn1sxhmg86h3rfgy'>"
  "Response: <stream:features
 xmlns:stream='http://etherx.jabber.org/streams'><mechanisms
 xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-
 MD5</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-
 auth'/></stream:features>"
  "Request: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism
 ="DIGEST-MD5" />"
  "Response: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-
 sasl'>cmVhbG09Imxpbmtsb2NrZXIuY29tIiwgbm9uY2U9Im1sTkk4YlBXc2kyMFY2ZS9sejB5TEE9PSIsIHFvcD0iYXV0aCwgYXV0aC1pbnQiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M=</challenge>"
  "Request: <response xmlns="urn:ietf:params:xml:ns:xmpp-
 sasl">dXNlcm5hbWU9Im1hcnR5IixyZWFsbT0ibGlua2xvY2tlci5jb20iLG5vbmNlPSJtbE5JOGJQV3NpMjBWNmUvbHoweUxBPT0iLGNub25jZT0iQlRibldmWklVam52cWdaZVcrNUlndnlPNmZJaVpuc1QwVnpzczE2dlJlRT0iLG5jPTAwMDAwMDAxLGRpZ2VzdC11cmk9InhtcHAvbGlua2xvY2tlci5jb20iLHFvcD1hdXRoLHJlc3BvbnNlPWVmZjkyZGRiOTFhY2Y2N2UxMzgyZDQ0ZTdjNmNjOGYxLGNoYXJzZXQ9dXRmLTg=</response>"
  "Response: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-
 sasl'>cnNwYXV0aD02YjE2Y2M4MTA3YmFkYjA5MmQ5ZTM4MTgxMGIyMmVjNw==</challenge>"
  "Request: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>"
  "Response: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>"
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/5213#comment:13>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list