[JDEV] Differences in SASL realisation in jabberd2 and ejabberd
Peter Saint-Andre
stpeter at jabber.org
Mon Jan 12 11:51:33 CST 2004
On Mon, Jan 12, 2004 at 10:07:18AM +0300, Alexey Nezhdanov wrote:
> Hello. Recently tryed to use SASL against ejabberd.
> Found several differences:
> 1) challenge responces.
> jabberd2 response:
> realm="jabber.penza-gsm.ru",nonce="baca3d3c76bab6edb7d7f2736733cf63300f9595",qop=auth,charset=utf-8,algorithm=md5-sess
> ejabbed response:
> nonce="1303694217",qop="auth",charset=utf-8,algorithm=md5-sess
>
> The main problem is that double quotes appears in one case and disappears in
> the another. The worst problem that I can't find out which case is proper.
Yes, RFC 2831 is ambiguous on this. I will try to find out what is
right. It could be that the double-quotes are optional.
> RFC2831 extract:
> snake at sarge:/mnt/hda2/var/lib/cvs/jabberpy2/ietf-docs$ grep qop rfc2831.txt,v
> qop-options = "qop" "=" <"> qop-list <">
> qop-list = 1#qop-value
> qop-value = "auth" | "auth-int" | "auth-conf" |
> qop = "qop" "=" qop-value
> On the other hand here is example challenge from the same RFC:
> S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
> response=d388dad90d4bbd760a152321f2143af7,qop=auth
>
> Also as you can see - there are no "realm" field in ejabbed challenge. Do not
> know if it is error or not.
The realm is optional per RFC 2831.
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.php
More information about the JDev
mailing list