On Wed, Oct 17, 2007 at 02:48 PM, Peter Saint-Andre > On Wed, Oct 17, 2007 at 02:40:26PM -0700, Justin Karneges wrote: > > On Wednesday 17 October 2007 2:11 pm, Mark Doliner wrote: > > > So I've read through XEP-0175[1], and I think I have a pretty good > idea of > > > how SASL ANONYMOUS login is supposed to work (I love the protocol > > > flow--thank you). > > > > > > But it's not clear to me how the client is supposed to specify a > username. > > > This is supposed to be possible, right? Or is the node always > assigned by > > > the server no matter what? Should I just send the base64 encoded > username > > > as text within the 'auth' element? > > > > XEP-175 doesn't seem to mention the fact that SASL ANONYMOUS can send > data. > > The rfc3920bis-04 document even indicates that transmitting an initial > > response with ANONYMOUS is is invalid (section 7.5.5). This is wrong, > > ANONYMOUS can send data, and it can be an initial response or not. See > RFC > > 4505. > > > > The client response for ANONYMOUS is "trace" data. This is just > supposed to > > be some generic id string, possibly an email address (like how anonymous > FTP > > would often ask you to put your email address as the password, that's > what > > this essentially replaces). It might be interesting to specify in XEP- > 175 > > that the trace data may be used as a node suggestion. > > How is ANONYMOUS used right now? Do XMPP servers (1) create a temporary > node or (2) create a temporary resource for some anonymous user? I think > that (1) is probably a safer approach, in which case it might be nice to > specify the "trace" data in version 1.1 of XEP-0175 (and of course correct > rfc3920bis while we're at it).
SASL ANONYMOUS has been broken for a few releases in jabberd2 when using gsasl. For the next release it will generate a random node for the user and will return an error if the client sends any text in the 'auth' tag. I didn't check any other servers. -Mark
