[jdev] SASL debugging

Vinod Panicker vinod.p at gmail.com
Thu Dec 8 23:05:43 CST 2005 

On 12/9/05, Yves Goergen <nospam.list at unclassified.de> wrote:
> On 08.12.2005 18:11 (+0100), Vinod Panicker wrote:
> > Can you provide the stanzas that are being sent back and forth?
>
> Sure. Here's the conversation to the server: (sorry for the long lines)
>
> C: <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
>
> S: <challenge
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9IjQwNTQ2MjIyNzMiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
>
> C: <response
> xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9InRlc3QiLG5vbmNlPSI0MDU0NjIyMjczIixjbm9uY2U9IjNlMDI3NTNhNmYzZGQ3NTgxMDQxM2UxZDNkZTYzNjlkNTM3ODEzNTM2MmQyNTM4NGU4NTJmNWY0YjQ1ZjRiZDciLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvZG90Zm9yd2FyZC5kZSIscmVzcG9uc2U9M2QyNTA2MTEyZGQ2NDk5NTQ3YjczODEwZTIzYTgzYWMsY2hhcnNldD11dGYtOA==</response>
>
> S: <failure
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
>
> This is the connection to my server. Need the username/password/etc I
> used to create this? I cannot track Google Talk, they require TLS I've
> heard and I won't be able to read that with my TCP logger.
>
> I can also show you the code I used to generate the response, if you
> like to try it yourself.

I thought you said it was an encoding error.  The encoding on these
stanzas look fine to me.  From what I see from the decoded response
that you are sending, the "realm" is missing, although its an optional
parameter IIRC -

username="test",nonce="4054622273",cnonce="3e02753a6f3dd75810413e1d3de6369d5378135362d25384e852f5f4b45f4bd7",nc=00000001,qop=auth,digest-uri="xmpp/dotforward.de",response5=3d2506112dd649947b73810e23a83ac,charset=utf-8

Maybe you could try with realm="dotforward.de" added in the above
string like this -

username="test",realm="dotforward.de",nonce="4054622273",cnonce="3e02753a6f3dd75810413e1d3de6369d5378135362d25384e852f5f4b45f4bd7",nc=00000001,qop=auth,digest-uri="xmpp/dotforward.de",response5=3d2506112dd649947b73810e23a83ac,charset=utf-8

Usually, a not-authorized means that you are missing the right
credentials (incorrect username/password).  Do check on that as the
first thing.

Regards,
Vinod.

More information about the JDev mailing list