[JDEV] digest authentication
Dustin Puryear
dpuryear at usa.net
Mon May 21 13:12:56 CDT 2001
Max Horn wrote:
> >Despite me using a phoney password, I know that Gabber is producing
> >proper output since I can login using the correct password.
>
> Ahhhhh!
>
> You are mixing up 0k-auth and digest-auth ;) I guess your hash string
> is correct, but what you generate is data for the <digest> element.
> The <hash> element in Gabber's output is for the 0k-auth mechansim
>
> For more information on digest-auth, check out
> http://docs.jabber.org/proto/html/jabber:iq:auth.html
>
> For more information on 0k-auth, check out
> http://docs.jabber.org/draft-proto/html/zerok.html
Well darn. I was reading strictly from Protocol - Standard:Simple Client
Authentication (which, oddly enough, includes both simple and digest
client authentication--shouldn't this be renamed Client Authentication).
Since Jabber is relatively new I suppose I need to delve into Protocol -
Draft more often. So.. what I am doing is correct then. I am taking the
session ID, concatenating the password to it, passing it to shahash(),
and I should use that as the digest value. Ok then. Thanks Max.
Regards, Dustin
--
Dustin Puryear <dpuryear at usa.net>
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams
More information about the JDev
mailing list