https://bugs.kde.org/show_bug.cgi?id=354473

Pali Rohár <pali.ro...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |UPSTREAM

--- Comment #21 from Pali Rohár <pali.ro...@gmail.com> ---
(In reply to george from comment #20)
> Created attachment 97918 [details]
> kopete debug log using talk.google.com:5222, plaintext, no legacy SSL
> 
> Ok, I have tried again. Settings:
> 
> talk.google.com, port 5222, no legacy SSL

Looks better. According to my DNS output, Google has all host+port information
in DNS, so the default configuration (without overriding host/port and enabling
legacy SSL) should work.

> The result is the attached log. As soon as I try to go Online, Kopete asks
> me for my password (although I have already entered it and remembered it in
> the account options). I enter it and tick the "Remember" checkbox again. It
> attempts to log in and again pops up asking for password. And so on to
> infinity.

That means that the server rejected your password (= authentication failed).

> BUT!
> 
> In the meantime I received an email on the Gmail account:
> ------
>       Sign-in attempt prevented       
>               
> Hi SANITIZED,
> Someone just tried to sign in to your Google Account saniti...@gmail.com
> from an app that doesn't meet modern security standards.
>       Details:
> Wednesday, March 16, 2016 12:27 AM
> (LOCATION SANITIZED)*
> We strongly recommend that you use a secure app, like Gmail, to access your
> account. All apps made by Google meet these security standards. Using a less
> secure app, on the other hand, could leave your account vulnerable. Learn
> more.
> 
> Google stopped this sign-in attempt, but you should review your recently
> used devices:
> ------
> 
> Then I went to https://myaccount.google.com/security and saw the option
> Allow less secure apps: OFF. I put it to ON and now I can connect. Put it
> back to OFF and I cannot.
> 
> So it seems Kopete can connect only if using plaintext authentication and
> reducing the overall security of the Google account. I definitely don't feel
> safe doing this. Pidgin works with encryption turned on and without having
> to "Allow less secure apps".

Some fancy Google security. Nothing standard for the Jabber protocol. So now we
know where the problem is. This is great! Thanks for debugging. The first problem
is to properly set the settings (no legacy SSL and correct port) and the second is
to disable some fancy Google security.

> Can you fix that?

I see that Google sends this list of auth mechanisms:

<mechanism>X-OAUTH2</mechanism>
<mechanism>X-GOOGLE-TOKEN</mechanism>
<mechanism>PLAIN</mechanism>

The first two are Google-specific and non-standard, and the third is standard
(plain text). I do not see any secure SCRAM auth mechanism there. So I would
suspect that, to connect without that Google "less secure option", it is necessary
to support one of those first two Google-specific auth mechanisms...

Anyway, Kopete uses the external libiris library for the Jabber connection (and
also for this authentication!). So I cannot fix this problem in Kopete. It would
mean implementing either X-OAUTH2 or X-GOOGLE-TOKEN in libiris. So please report
this problem to the upstream libiris project. Now that we know that this is 100%
not in Kopete, I will close this bug, as I cannot do more. The project page of
libiris is: https://github.com/psi-im/iris

> Also - how do I debug to debug if the situation with Telepathy is the same?
> (which I suppose is quite possible) Maybe that might be worth a separate
> ticket.

I have no idea how KDE Telepathy works or how to debug it. Please ask
this on the Telepathy project.

-- 
You are receiving this mail because:
You are watching all bug changes.
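
Added example, not part of the original bug comment and not Kopete or libiris code: a sketch of the SASL mechanism negotiation the comment describes, showing why a client that implements neither Google-specific mechanism ends up on PLAIN. The stanza is constructed around the three mechanism names quoted above; the client preference lists passed to `choose_mechanism` are hypothetical.

```python
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"  # SASL namespace from RFC 6120

# Constructed sample: only the three mechanism names come from the comment.
FEATURES = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>X-OAUTH2</mechanism>
    <mechanism>X-GOOGLE-TOKEN</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

# Mechanisms that send the reusable password itself to the server.
PASSWORD_ON_WIRE = {"PLAIN"}


def offered_mechanisms(features_xml):
    """Return the server's SASL mechanism names in the order offered."""
    # XMPP streams never carry a DTD, so reject one before parsing.
    if "<!DOCTYPE" in features_xml:
        raise ValueError("DTD not allowed in an XMPP stream")
    root = ET.fromstring(features_xml)
    tag = "{%s}mechanism" % SASL_NS
    return [m.text.strip() for m in root.iter(tag) if m.text]


def choose_mechanism(features_xml, client_prefs, tls_active):
    """Pick the first client-preferred mechanism the server also offers.

    client_prefs is the client's own list, strongest first (hypothetical).
    PLAIN is skipped unless the stream is already protected by TLS.
    Returns None when no acceptable mechanism is shared.
    """
    offered = offered_mechanisms(features_xml)
    for mech in client_prefs:
        if mech not in offered:
            continue
        if mech in PASSWORD_ON_WIRE and not tls_active:
            continue  # never put the password on an unencrypted stream
        return mech
    return None


if __name__ == "__main__":
    scram_client = ["SCRAM-SHA-1", "DIGEST-MD5", "PLAIN"]  # hypothetical
    print(choose_mechanism(FEATURES, scram_client, tls_active=True))
    print(choose_mechanism(FEATURES, scram_client, tls_active=False))
```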
