[Standards] [Fwd: Re: jingle client authentication error in jabber server]

Peter Saint-Andre stpeter at jabber.org
Wed Jan 31 15:45:51 UTC 2007

Matthias Wimmer wrote:
> Peter Saint-Andre schrieb:
>> <aborted/>
>> <incorrect-encoding/>
>> <invalid-authzid/>
>> <invalid-mechanism/>
>> <mechanism-too-weak/>
>> <not-authorized/>
>> <temporary-auth-failure/>
>> If we need more error conditions, we can define them in the next
>> version of the spec.
> I've had a look at man sasl_errors (from cyrus SASL) to check if all 
> Cyrus errors map well on the above errors.
> The following errors have been interesting:
> - SASL_TRANS: One time use of plaintext password will enable requested 
> mechanism for user.
> I think it would be interesting to have such a XMPP-SASL error condition 
> as well. It's required if you have hashed passwords (e.g. salted SHA-1) 
> on the server and need to get the plain password to verify them, and 
> build a hash suitable to authenticate with DIGEST-MD5 the next time 
> (DIGEST-MD5 as an example).

Ah, I hadn't thought of that use case. :-)

> - SASL_EXPIRED: Passphrase expired, must be reset.
> - SASL_DISABLED: Account disabled
> - SASL_NOVERIFY: User exists, but no verifier for user

How much of that do we want to expose to the end user (or, perhaps, some 
bot maquerading as the user)?

As to the specific error that triggered this thread, it seems that 
<incorrect-encoding/> would be the right condition to return.


Peter Saint-Andre
XMPP Standards Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070131/18212f85/attachment.bin>

More information about the Standards mailing list