On Mon, Jan 12, 2004 at 10:07:18AM +0300, Alexey Nezhdanov wrote: > Hello. Recently tryed to use SASL against ejabberd. > Found several differences: > 1) challenge responces. > jabberd2 response: > realm="jabber.penza-gsm.ru",nonce="baca3d3c76bab6edb7d7f2736733cf63300f9595",qop=auth,charset=utf-8,algorithm=md5-sess > ejabbed response: > nonce="1303694217",qop="auth",charset=utf-8,algorithm=md5-sess > > The main problem is that double quotes appears in one case and disappears in > the another. The worst problem that I can't find out which case is proper. > RFC2831 extract: > [EMAIL PROTECTED]:/mnt/hda2/var/lib/cvs/jabberpy2/ietf-docs$ grep qop rfc2831.txt,v > qop-options = "qop" "=" <"> qop-list <"> > qop-list = 1#qop-value > qop-value = "auth" | "auth-int" | "auth-conf" | > qop = "qop" "=" qop-value > On the other hand here is example challenge from the same RFC: > S: realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth", > response=d388dad90d4bbd760a152321f2143af7,qop=auth
OK, I received clarification about this from one of my SASL guru friends. There are two different instances of "qop": the one sent from the server to the client (or, in s2s, the other server) and the one sent from the client to the server. The "qop" sent from the server to the client is a comma-separated list of qops and must be quoted (even if the list of qops contains only one qop). The "qop" sent from the client to the server is a single qop and therefore is not quoted. Thus jabberd2 has a bug because it is not quoting the qop list it sends out. Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.php _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
