[jdev] implementing SASL digest in client library

Andrew Plotkin erkyrath at eblong.com
Thu Mar 23 13:06:29 CST 2006

I implemented this months ago, and it worked, but I never fully tested it 
with non-ASCII usernames and passwords. Now I'm running into a problem, 
and I don't know whether it's my fault.

The SASL Digest document (rfc2831) says, in section

    The "username-value", "realm-value" and "passwd" are encoded
    according to the value of the "charset" directive. If "charset=UTF-8"
    is present, and all the characters of either "username-value" or
    "passwd" are in the ISO 8859-1 character set, then it must be
    converted to ISO 8859-1 before being hashed.

If I follow this instruction, authentication doesn't work. (I mean, it 
doesn't work for usernames that contain characters in the 128-255 range. 
If everything fits in ASCII, the two encodings are identical and 
everything works. If there's a character beyond 255, the quoted 
instruction doesn't apply and everything still works.)

If I ignore the instruction (and never convert to 8859-1), then 
authentication works in all cases.

(I tested this against our own ejabberd server and against jabber.org.)

So, did I screw up the implementation somewhere? Is ejabberd behaving 
badly? Or should I be ignoring that line of the spec? (That would surely 
be the easy way out, since it leads to my code working.)


"And Aholibamah bare Jeush, and Jaalam, and Korah: these were the borogoves..."
If the Bush administration hasn't thrown you in military prison without trial,
it's for one reason: they don't feel like it. Not because you're an American.

More information about the JDev mailing list