[jdev] Sasl Md5 Digest Authentication Problem

Dave Cridland dave at cridland.net
Thu Mar 17 17:24:25 CST 2011

On Thu Mar 17 23:12:50 2011, A.Wagner wrote:
> i am getting the challenge and build the response:
> <response   
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>longbase64encodedstring</response>
You almost never want to write your own DIGEST-MD5 code. (Aside from  
the fact that SCRAM is easier and better, lots of people have written  
DIGEST-MD5 code, and it'll probably "just work").

> but then the server always responds with (even when response stanza  
> is empty):
> <failure   
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><invalid-authzid/></failure>
I'm guessing this is jabber.org you're testing against. I'm not sure  
that's a great idea, but in any case that's a generic error with that  
implementation, so it could very easily be almost any error, in fact.

> Which format the authid (authid:realm:passwd) and authzid  
> (Y:nonce:cnonce(:authzid)) must have?
> testuser, testuser at test.org, testuser at test.org/unknownclient ?
Either of the first two *with that implementation*, but typically the  

> Why this failure is returned even when the response stanza is  
> empty?:
> <response  xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></response>

Because something is wrong, and it will not provide detailed errors  
in case of an attack.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the JDev mailing list