Jens Mikkelsen wrote:

> On Thu, 2005-01-06 at 14:24, Christoph Schmidt wrote:
>
>> Jens Mikkelsen schrieb:
>>
>>> ...
>>> What I can't find out is, what SASL exactly does.
>>
>> http://www.ietf.org/rfc/rfc2222.txt
>
> Actually I looked at the RFC, but I just needed a quick overview of what
> it was, hence I asked here. But I guess I'll have to read it.

In one line: TLS does encryption of the TCP connection, SASL does authentication of the IM user.


The login process of an XMPP client using XMPP-1.0 goes as follows:
1. Client makes a normal TCP connection to the XMPP server. This is not encrypted or anything; just a socket.
2. Client and server exchange some XML to tell each other that they support TLS. Still not encrypted.
3. Client and server do TLS handshake so that they can encrypt data over that socket from then on.
4. Client and server exchange some more XML to authenticate the IM user with SASL.


SASL is basically a lot of different ways to authenticate. In SASL, a way to authenticate is called a mechanism.

For example:
- plaintext: just send the password and username
- digest: send the MD5 of some random data + plaintext password
- sspi: Windows authentication
- ... more exist but are used only in specific cases such as for keycard based authentication or iris scanners or whatever ;-)


Most clients (and servers) only support the first two mechanisms.

Take a look at the XML traffic console of Pandion or Exodus to see TLS and SASL being used when you log in.
Then compare it with the data that you see in Ethereal or some other network sniffer. TLS takes place before SASL.
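As an added example (not code from this thread, nor from Pandion or Exodus), here is the four-step login order above written as small client-side functions in Python: they build the client's messages, read the server's `<stream:features>`, and refuse to build a PLAIN `<auth/>` unless step 3 (TLS) has already happened. The host, account and the features XML are assumed or constructed for illustration.

```python
# Added example: the XMPP 1.0 login order (TCP -> STARTTLS -> TLS -> SASL).
# Server host/port, account and sample XML below are assumptions, not real data.
import base64
import ssl
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

def stream_header(domain):
    # Steps 1-2: the opening tag of the XML stream, sent over the plain socket.
    return ('<?xml version="1.0"?><stream:stream to="%s" version="1.0" '
            'xmlns="jabber:client" xmlns:stream="%s">' % (domain, NS_STREAM))

def parse_features(features_xml):
    """Return (starttls_offered, [sasl mechanisms]) from <stream:features/>."""
    root = ET.fromstring(features_xml)
    starttls = root.find("{%s}starttls" % NS_TLS) is not None
    mechanisms = [m.text for m in root.iter("{%s}mechanism" % NS_SASL)]
    return starttls, mechanisms

def starttls_request():
    # Step 2: client asks for TLS; server answers <proceed/> (or <failure/>).
    return '<starttls xmlns="%s"/>' % NS_TLS

def wrap_tls(sock, domain):
    # Step 3: TLS handshake on the existing socket; everything after this is
    # encrypted. Certificate verification is left on so a sniffer can't MITM.
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=domain)

def sasl_plain(username, password, tls_active):
    # Step 4: PLAIN is "just send the password", so it is only built once the
    # stream is already inside TLS (step 3). Payload is base64("\0user\0pass").
    if not tls_active:
        raise RuntimeError("refusing SASL PLAIN over a cleartext stream")
    raw = ("\0%s\0%s" % (username, password)).encode("utf-8")
    return '<auth xmlns="%s" mechanism="PLAIN">%s</auth>' % (
        NS_SASL, base64.b64encode(raw).decode("ascii"))

# Constructed <stream:features/> as a server would send it after step 3.
SAMPLE_FEATURES = (
    '<stream:features xmlns:stream="%s">'
    '<mechanisms xmlns="%s"><mechanism>DIGEST-MD5</mechanism>'
    '<mechanism>PLAIN</mechanism></mechanisms></stream:features>' % (NS_STREAM, NS_SASL))
```

Watching the same sequence in the Pandion or Exodus XML console, the `<auth/>` element is the last thing a sniffer would be able to read if it were sent before the TLS handshake; after step 3 the sniffer sees only TLS records.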
_______________________________________________
jdev mailing list
http://mail.jabber.org/mailman/listinfo/jdev