[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing
simon at josefsson.org
Tue Nov 3 09:58:34 CST 2009
Dave Cridland <dave at cridland.net> writes:
>> > So in the short term, I can spin that up against whatever concrete
>> > server you have that'll use SCRAM-SHA-1, I think. I believe it'll
>> > at least some forms of channel binding, too.
>> I have a public IMAP test server up and running with SCRAM-SHA-1
>> support. No channel binding support yet. Host
>> username 'user' and password 'pencil'. See:
> Excellent, I'll point my client at that and see what happens.
gnu-imap4d: recv: AUTH AUTHENTICATE SCRAM-SHA-1
gnu-imap4d: sent: +
gnu-imap4d: recv: biwsbj11c2VyLHI9Mzc5NTQyMjI2OTE2
gnu-imap4d: sent: + cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0scz1SRHNLRnhLalNpYTlDYkVPLGk9NDA5Ng==
gnu-imap4d: recv: cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0sYz1iZz09LHA9L0tQQ0hSa3BxdDBEK2NiTXA5Q3dzbXBDZXMwPQ==
gnu-imap4d: GSASL error: SASL mechanism could not parse input
gnu-imap4d: sent: AUTH NO AUTHENTICATE SCRAM-SHA-1 authentication failed
As far as I can tell, your client-final message is broken. B64-decoded
your message was:
However the spec says that c value needs to be first:
channel-binding = "c=" base64
;; base64 encoding of cbind-input
channel-binding "," nonce [","
client-final-message-without-proof "," proof
So hopefully it is Just A Small Matter of, err, reordering the fields
and things will work. Hopefully.
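Added example (not part of the original message, and not GNU SASL's own code): a small Python check that decodes the three base64 payloads from the log above and tests the client-final attribute order against the grammar quoted in the message. The function names, including the `reorder` helper, are hypothetical.

```python
import base64

# Base64 payloads copied from the gnu-imap4d log in this message.
CLIENT_FIRST = "biwsbj11c2VyLHI9Mzc5NTQyMjI2OTE2"
SERVER_FIRST = "cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0scz1SRHNLRnhLalNpYTlDYkVPLGk9NDA5Ng=="
CLIENT_FINAL = "cj0zNzk1NDIyMjY5MTZ0K3dlNWpjQmVPUHBaVEo4OU0sYz1iZz09LHA9L0tQQ0hSa3BxdDBEK2NiTXA5Q3dzbXBDZXMwPQ=="

def decode(b64):
    """Strict base64 decode of one SASL challenge or response."""
    return base64.b64decode(b64, validate=True).decode("utf-8")

def parse(message):
    """Split 'a=x,b=y' into ordered (name, value) pairs; order matters in SCRAM."""
    return [(f.partition("=")[0], f.partition("=")[2]) for f in message.split(",")]

def check_client_final(message, server_nonce):
    """Return a list of grammar problems; an empty list means the order is valid."""
    fields = parse(message)
    names = [n for n, _ in fields]
    problems = []
    if names[:1] != ["c"]:
        problems.append("c= (channel-binding) must be the first attribute")
    if names[1:2] != ["r"]:
        problems.append("r= (nonce) must directly follow c=")
    if names[-1:] != ["p"]:
        problems.append("p= (proof) must be the last attribute")
    if dict(fields).get("r") != server_nonce:
        problems.append("r= does not repeat the nonce from server-first")
    return problems

def reorder(message):
    """Hypothetical helper: move c= to the front and p= to the end (stable sort)."""
    rank = {"c": 0, "p": 2}
    fields = sorted(parse(message), key=lambda f: rank.get(f[0], 1))
    return ",".join(f"{n}={v}" for n, v in fields)

def nonces():
    """Client nonce (after stripping the 'n,,' GS2 header) and server nonce."""
    bare = decode(CLIENT_FIRST).split(",", 2)[2]
    return dict(parse(bare))["r"], dict(parse(decode(SERVER_FIRST)))["r"]

if __name__ == "__main__":
    client_nonce, server_nonce = nonces()
    print("server nonce extends client nonce:", server_nonce.startswith(client_nonce))
    final = decode(CLIENT_FINAL)
    print(final, check_client_final(final, server_nonce))
    fixed = reorder(final)
    print(fixed, check_client_final(fixed, server_nonce))
```

Reordering alone only satisfies the grammar: the proof is computed over client-final-message-without-proof, so a real client has to recompute p= once c= is moved to the front.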