[Standards] [Fwd: Re: jingle client authentication error in jabber server]

Matthias Wimmer m at tthias.eu
Wed Jan 31 10:10:09 UTC 2007

Peter Saint-Andre schrieb:
> <aborted/>
> <incorrect-encoding/>
> <invalid-authzid/>
> <invalid-mechanism/>
> <mechanism-too-weak/>
> <not-authorized/>
> <temporary-auth-failure/>
> If we need more error conditions, we can define them in the next
> version of the spec.

I've had a look at man sasl_errors (from cyrus SASL) to check if all 
Cyrus errors map well on the above errors.

The following errors have been interesting:

- SASL_TRANS: One time use of plaintext password will enable requested 
mechanism for user.

I think it would be interesting to have such a XMPP-SASL error condition 
as well. It's required if you have hashed passwords (e.g. salted SHA-1) 
on the server and need to get the plain password to verify them, and 
build a hash suitable to authenticate with DIGEST-MD5 the next time 
(DIGEST-MD5 as an example).

- SASL_EXPIRED: Passphrase expired, must be reset.

- SASL_DISABLED: Account disabled

- SASL_NOVERIFY: User exists, but no verifier for user

Tot kijk

Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070131/be11349f/attachment.bin>

More information about the Standards mailing list