Norman Rasmussen writes:
1.< version> and <stream>
2. <iq to address> and <username>
3. as above with <resource> and <digest>
....
Other stanzas
My questions are why is stanza #3 sent in addition to #2? Can this
<resource> and <digest> information be included in previous stanza via
standard configuration options?
SASL requires that the server sends the client a challenge first, if
you wanted to avoid the round trip you could change to non-sasl and
lose security.
What has been described was non-sasl authentication. The difference between
2 and 3 is, that in 2 the client askes the server which non-sasl
authentication mechanisms are available (Jabber had plain, digest and 0k
mechanism prior to SASL), and 3 is the actual authentication.
Some clients skip 2, but that's against the protocol and I would not
recommend this.
Matthias
