[JDEV] Differences in SASL realisation in jabberd2 and ejabberd
Alexey Nezhdanov
snake at penza-gsm.ru
Mon Jan 12 13:34:37 CST 2004
Peter Saint-Andre wrote:
>On Mon, Jan 12, 2004 at 10:07:18AM +0300, Alexey Nezhdanov wrote:
>
>
>>Hello. Recently tryed to use SASL against ejabberd.
>>Found several differences:
>>1) challenge responces.
>>jabberd2 response:
>>realm="jabber.penza-gsm.ru",nonce="baca3d3c76bab6edb7d7f2736733cf63300f9595",qop=auth,charset=utf-8,algorithm=md5-sess
>>ejabbed response:
>>nonce="1303694217",qop="auth",charset=utf-8,algorithm=md5-sess
>>
>>The main problem is that double quotes appears in one case and disappears in
>>the another. The worst problem that I can't find out which case is proper.
>>
>>
>
>Yes, RFC 2831 is ambiguous on this. I will try to find out what is
>right. It could be that the double-quotes are optional.
>
>
My opinion is that values MUST be quoted when the value is string
(variable that can not be predicted) and MUST NOT be quoted when the
value is "one of pre-defined values".
F.e. qop may be one of "auth", "auth-int", "auth-conf", "token" so MUST
NOT be quoted.
--
Respectively
Alexey Nezhdanov.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20040112/3c1e5ec5/attachment-0002.htm>
More information about the JDev
mailing list