[jdev] No realm from server
Peter Saint-Andre
stpeter at stpeter.im
Mon Nov 9 15:41:15 CST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/10/09 6:25 AM, Kurt Zeilenga wrote:
>
> On Nov 9, 2009, at 5:24 AM, Sebastiaan Deckers wrote:
>
>> Both RFC2831 (Digest SASL) and RFC3920 (XMPP Core) do not specify what
>> the realm should be treated as by the client if it is missing from the
>> challenge.
>>
>
> RFC 2831 says about the server's advertise of realms:
>
> This directive is
> optional; if not present, the client SHOULD solicit it from the
> user or be able to compute a default; a plausible default might be
> the realm supplied by the user when they logged in to the client
> system. Multiple realm directives are allowed, in which case the
> user or client must choose one as the realm for which to supply to
> username and password.
>
> and says this about the client's response:
>
> The realm containing the user's account. This directive is
> required if the server provided any realms in the
> "digest-challenge", in which case it may appear exactly once and
> its value SHOULD be one of those realms. If the directive is
> missing, "realm-value" will set to the empty string when computing
> A1 (see below for details).
>
> If the server provides one realm, use that.
> If the server provides none: the client should ask the user for it and
> if the user provides one, use that. Otherwise none. (If you want to
> suggest one for the client to use, suggest the domain of the user's JID.)
> If the server provides multiple: the client should choose which to use.
Perhaps it would be helpful to write an informational XEP about the use
of DIGEST-MD5?
Peter
- --
Peter Saint-Andre
https://stpeter.im/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr4jHsACgkQNL8k5A2w/vxH6ACg6hIne3e+bkHiRc6hdOBd4VX1
HZIAnRCwuJeG43DZAGUOrvWEZX1noc96
=dedp
-----END PGP SIGNATURE-----
More information about the JDev
mailing list