Re: pidgin 2.6 doesn't allow plaintext authentication with ssl transport

Mon, 31 Aug 2009 19:04:17 -0700 

And Encolpe Degoute spoke on 08/31/2009 02:12 PM, saying:
> Hello,
> 
> With this configuration:
> 
>     <settings>
>       <setting name='check-mail' type='bool'>0</setting>
>       <setting name='connect_server' type='string'></setting>
>       <setting name='bosh_url' type='string'></setting>
>       <setting name='old_ssl' type='bool'>0</setting>
>       <setting name='auth_plain_in_clear' type='bool'>1</setting>
>       <setting name='require_tls' type='bool'>1</setting>
>       <setting name='ft_proxies' type='string'>proxy.eu.jabber.org</setting>
>       <setting name='use-global-buddyicon' type='bool'>1</setting>
>       <setting name='custom_smileys' type='bool'>1</setting>
>       <setting name='port' type='int'>5222</setting>
>     </settings>
> 
> 
> Here the logs:
>                                                                               
>                                          
> 
> (22:57:38) jabber: Recv (ssl)(178): <stream:features
> xmlns:stream='http://etherx.jabber.org/streams'><mechanisms
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>GSSAPI</mechanism></mechanisms></stream:features>
>                                                                               
>                                                            
> 
> (22:57:38) sasl: Mechs found:
> GSSAPI                                                                        
>                                                                    
> 
> (22:57:38) sasl: No worthy mechs found
> 
> 
> Why pidgin 2.6 force a sasl authentication when the configuration ask
> for a plaintext authentication.
> It works well with tkabber and pidgin <2.6.
> 
> Regards
> 

I'm not entirely sure what the issue is here.

If the server advertises SSL support, Pidgin will attempt to upgrade the
connection to SSL even if you do not have "Require SSL/TLS" checked (which
 you do have checked). I think you're referring to the "Allow plaintext
auth over unencrypted streams" option, which *only* enters into the
equation if the server does not offer SSL and all other mechanisms besides
SASL PLAIN fail (or are not offered...or IQ Auth is in use).

The log snippets you've pasted indicate that the server simply isn't
offering a valid mechanism that Pidgin knows how to authenticate with
(typically servers offer PLAIN or DIGEST-MD5).

Could you include full (unedited) logs of the entire connection process as
well as the error messages Pidgin displays, please? If you'd like, you may
email them to me directly.

~Paul

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
[email protected] mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support

Reply via email to