[jdev] Sasl Md5 Digest Authentication Problem
Dave Cridland
dave at cridland.net
Thu Mar 17 17:24:25 CST 2011

On Thu Mar 17 23:12:50 2011, A.Wagner wrote:
> I am getting the challenge and build the response:
> <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>longbase64encodedstring</response>
>
You almost never want to write your own DIGEST-MD5 code. (Aside from  
the fact that SCRAM is easier and better, lots of people have written  
DIGEST-MD5 code, and it'll probably "just work").
> but then the server always responds with (even when response stanza
> is empty):
> <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><invalid-authzid/></failure>
>
I'm guessing this is jabber.org you're testing against. I'm not sure  
that's a great idea, but in any case that's a generic error with that  
implementation, so it could very easily be almost any error, in fact.
> Which format must the authid (authid:realm:passwd) and authzid
> (Y:nonce:cnonce(:authzid)) have?
> testuser, testuser at test.org, testuser at test.org/unknownclient ?
>
Either of the first two *with that implementation*, but typically the  
first.
> Why is this failure returned even when the response stanza is
> empty?
> <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></response>
Because something is wrong, and it will not provide detailed errors  
in case of an attack.
Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
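
Added example, not part of the original message and not any server's or library's code: the DIGEST-MD5 response calculation from RFC 2831, which is where the question's `authid:realm:passwd` and `nonce:cnonce(:authzid)` strings come from, run on the values of that RFC's IMAP sample exchange. The function names are chosen here, charset=utf-8 and qop=auth are assumed, and quoting/escaping of directive values is left out.

```python
import base64
import hashlib


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth", authzid=None):
    """Return the hex `response` value defined in RFC 2831 section 2.1.2.1."""
    def enc(s):
        return s.encode("utf-8")  # assumption: server offered charset=utf-8

    # A1 starts with the RAW 16-byte MD5 of user:realm:pass, not its hex form.
    a1 = hashlib.md5(enc(f"{username}:{realm}:{password}")).digest()
    a1 += enc(f":{nonce}:{cnonce}")
    if authzid is not None:  # appended only when an authzid directive is sent
        a1 += enc(f":{authzid}")
    a2 = enc(f"AUTHENTICATE:{digest_uri}")  # qop=auth form of A2
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(enc(kd)).hexdigest()


def sasl_response_payload(username, realm, password, nonce, cnonce,
                          digest_uri, authzid=None):
    """Base64 text that goes inside the XMPP <response/> element."""
    resp = digest_md5_response(username, realm, password, nonce, cnonce,
                               digest_uri, authzid=authzid)
    fields = ['charset=utf-8', f'username="{username}"', f'realm="{realm}"',
              f'nonce="{nonce}"', 'nc=00000001', f'cnonce="{cnonce}"',
              f'digest-uri="{digest_uri}"', f'response={resp}', 'qop=auth']
    if authzid is not None:
        fields.append(f'authzid="{authzid}"')
    return base64.b64encode(",".join(fields).encode("utf-8")).decode("ascii")


# Values of the IMAP sample exchange in RFC 2831 section 4 (password "secret").
RFC2831_SAMPLE = dict(username="chris", realm="elwood.innosoft.com",
                      password="secret", nonce="OA6MG9tEQGm2hh",
                      cnonce="OA6MHXh6VqTrRk",
                      digest_uri="imap/elwood.innosoft.com")

if __name__ == "__main__":
    print(digest_md5_response(**RFC2831_SAMPLE))
    print(sasl_response_payload(**RFC2831_SAMPLE))
```

For XMPP the `digest_uri` argument would be `xmpp/` followed by the server's domain; the RFC's IMAP values are used here only because their expected result is published.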