On Thu Mar 17 23:12:50 2011, A.Wagner wrote:
> I am getting the challenge and building the response:
> <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>longbase64encodedstring</response>

You almost never want to write your own DIGEST-MD5 code. (Aside from
the fact that SCRAM is easier and better, lots of people have written
DIGEST-MD5 code, and it'll probably "just work").

> but then the server always responds with (even when response stanza
> is empty):
> <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><invalid-authzid/></failure>

I'm guessing this is jabber.org you're testing against. I'm not sure
that's a great idea, but in any case that's a generic error with that
implementation, so it could very easily be almost any error, in fact.

> Which format must the authid (authid:realm:passwd) and authzid
> (Y:nonce:cnonce(:authzid)) have?
> testuser, [email protected], [email protected]/unknownclient ?

Either of the first two *with that implementation*, but typically the
first.

> Why is this failure returned even when the response stanza is
> empty?
> <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></response>

Because something is wrong, and it will not provide detailed errors
in case of an attack.

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade