[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
Simon Josefsson
simon at josefsson.org
Tue Nov 3 09:58:34 CST 2009
Dave Cridland <dave at cridland.net> writes:
>> > So in the short term, I can spin that up against whatever concrete
>> > server you have that'll use SCRAM-SHA-1, I think. I believe it'll do
>> > at least some forms of channel binding, too.
>>
>> I have a public IMAP test server up and running with SCRAM-SHA-1
>> support. No channel binding support yet. Host 'nubb.josefsson.org',
>> username 'user' and password 'pencil'. See:
>
> Excellent, I'll point my client at that and see what happens.

gnu-imap4d[28183]: recv: AUTH AUTHENTICATE SCRAM-SHA-1
gnu-imap4d[28183]: sent: +
gnu-imap4d[28183]: recv: biwsbj11c2VyLHI9Mzc5NTQyMjI2OTE2
gnu-imap4d[28183]: sent: + cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0scz1SRHNLRnhLalNpYTlDYkVPLGk9NDA5Ng==
gnu-imap4d[28183]: recv: cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0sYz1iZz09LHA9L0tQQ0hSa3BxdDBEK2NiTXA5Q3dzbXBDZXMwPQ==
gnu-imap4d[28183]: GSASL error: SASL mechanism could not parse input
gnu-imap4d[28183]: sent: AUTH NO AUTHENTICATE SCRAM-SHA-1 authentication failed

As far as I can tell, your client-final message is broken. B64-decoded
your message was:

r=379542226916t+we5jcBeOPpZTJ89M,c=bg==,p=/KPCHRkpqt0D+cbMp9CwsmpCes0=

However the spec says that c value needs to be first:

   channel-binding = "c=" base64
                     ;; base64 encoding of cbind-input

   client-final-message-without-proof =
                     channel-binding "," nonce [","
                     extensions]

   client-final-message =
                     client-final-message-without-proof "," proof

So hopefully it is Just A Small Matter of, err, reordering the fields
and things will work. Hopefully.
/Simon
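
The ordering rule quoted from the spec above, as an added example that is not part of the original message and not gsasl's code: a strict parser for the base64-wrapped client-final-message, run on the message captured in the log. The names `parse_client_final`, `ScramParseError` and `check` are hypothetical, and the reordered message is constructed for comparison.

```python
import base64

class ScramParseError(ValueError):
    """Raised when a client-final-message violates the quoted ABNF."""

def parse_client_final(b64_message):
    """Decode a base64-wrapped client-final-message and enforce field order.

    Syntax only: the proof (p=) is not verified against the exchange.
    """
    text = base64.b64decode(b64_message, validate=True).decode("utf-8")
    attrs = []
    for field in text.split(","):
        # Split at the first "=" only; base64 values may end in "=" padding.
        name, sep, value = field.partition("=")
        if len(name) != 1 or not sep or not value:
            raise ScramParseError("malformed attribute %r" % field)
        attrs.append((name, value))
    if len(attrs) < 3:
        raise ScramParseError("need at least c=, r= and p=")
    if attrs[0][0] != "c":
        raise ScramParseError("c= (channel-binding) must come first, got %s=" % attrs[0][0])
    if attrs[1][0] != "r":
        raise ScramParseError("r= (nonce) must follow c=, got %s=" % attrs[1][0])
    if attrs[-1][0] != "p":
        raise ScramParseError("p= (proof) must come last, got %s=" % attrs[-1][0])
    extensions = attrs[2:-1]
    if any(name in "crp" for name, _ in extensions):
        raise ScramParseError("c=, r= or p= repeated among extensions")
    return {"c": attrs[0][1], "r": attrs[1][1], "p": attrs[-1][1],
            "extensions": extensions}

# client-final-message exactly as received in the server log above
CAPTURED = ("cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0s"
            "Yz1iZz09LHA9L0tQQ0hSa3BxdDBEK2NiTXA5Q3dzbXBDZXMwPQ==")
# Constructed for comparison: the same attributes in ABNF order. The proof
# is copied unchanged, so this shows syntax only, not a valid proof.
REORDERED = base64.b64encode(
    b"c=bg==,r=379542226916t+we5jcBeOPpZTJ89M,p=/KPCHRkpqt0D+cbMp9CwsmpCes0="
).decode("ascii")

def check(b64_message):
    """Return 'ok' or the parse error text for one message."""
    try:
        parse_client_final(b64_message)
        return "ok"
    except ScramParseError as exc:
        return str(exc)

if __name__ == "__main__":
    print("captured: ", check(CAPTURED))
    print("reordered:", check(REORDERED))
```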