yahoo's authentication method
John Bailey
rekkanoryo at rekkanoryo.org
Thu Feb 19 20:07:13 EST 2009
Al Cohen wrote:
> I am trying to make some senses out of the
> libpurple/protocols/yahoo/yahoo.c.
>
> 1) What are the differences between yahoo_process_auth_new() and
> yahoo_process_auth_old()? Is the "new" for 9.x and "old" for 8.x and
> older?
yahoo_process_auth_new() is for the "new" authentication mechanism Yahoo
introduced a few years back, around the time of our 0.73 release (give or take a
release). Cerulean Studios was gracious enough to write a patch that enabled us
to use this login method when that change occurred.
yahoo_process_auth_old() is for the old authentication scheme present in Yahoo
Messenger 6 and earlier. It's not used anymore, and I'm considering giving that
code the axe given we have somewhat reliable information indicating that all
"legacy" authentication (including what we're using now) will be permanently
discontinued in the coming weeks/months.
We don't currently have an implementation for the authentication scheme
described below for Yahoo 9.
> 2) Does TRY_WEBMESSENGER_LOGIN really works? Can someone tell me the
> pros/cons on using this vs the other two yahoo_process_auth_old/new?
This worked the last time we needed it. Logging in via web messenger disables
almost all the useful features, though, as the web client supports only
messaging and available/busy statuses. Using a normal login method is preferable.
> Lastly, I notice in Yahoo 9.x, it talks to scs1.msg.yahoo.com instead of
> YAHOO_PAGER_HOST "scs.msg.yahoo.com". When I change to scs1 in my pidgin,
> I cannot login. What's going on?
The last time I used Yahoo 9 it connected to one of the following servers in
random succession:
cs101.msg.sp1.yahoo.com - cs130.msg.sp1.yahoo.com
cs101.msg.ac4.yahoo.com - cs130.msg.ac4.yahoo.com
Yahoo 9 uses YMSG protocol version 0x10 (16), which has an entirely different
authentication mechanism involving an HTTPS request to login.yahoo.com. Trying
to connect to the servers Yahoo 9 uses won't work because they don't listen for
the legacy login packets.
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20090219/028c650b/attachment.sig>
More information about the Devel
mailing list