[JDEV] Differences in SASL realisation in jabberd2 and ejabberd
Alexey Nezhdanov
snake at penza-gsm.ru
Mon Jan 12 01:07:18 CST 2004
Hello. Recently tryed to use SASL against ejabberd.
Found several differences:
1) challenge responces.
jabberd2 response:
realm="jabber.penza-gsm.ru",nonce="baca3d3c76bab6edb7d7f2736733cf63300f9595",qop=auth,charset=utf-8,algorithm=md5-sess
ejabbed response:
nonce="1303694217",qop="auth",charset=utf-8,algorithm=md5-sess
The main problem is that double quotes appears in one case and disappears in
the another. The worst problem that I can't find out which case is proper.
RFC2831 extract:
snake at sarge:/mnt/hda2/var/lib/cvs/jabberpy2/ietf-docs$ grep qop rfc2831.txt,v
qop-options = "qop" "=" <"> qop-list <">
qop-list = 1#qop-value
qop-value = "auth" | "auth-int" | "auth-conf" |
qop = "qop" "=" qop-value
On the other hand here is example challenge from the same RFC:
S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
response=d388dad90d4bbd760a152321f2143af7,qop=auth
Also as you can see - there are no "realm" field in ejabbed challenge. Do not
know if it is error or not.
2) Bind namespace response in ejabberd. The problem is unreproducible now (at
least against jabber.ru). It seems that it have been fixed tonight... ;)
--
Respectively
Alexey Nezhdanov
More information about the JDev
mailing list