pidgin 2.6 doesn't allow plaintext authentication with ssl transport

Paul Aurich darkrain42 at pidgin.im
Mon Aug 31 22:03:45 EDT 2009 

And Encolpe Degoute spoke on 08/31/2009 02:12 PM, saying:
> Hello,
> 
> With this configuration:
> 
>     <settings>
>       <setting name='check-mail' type='bool'>0</setting>
>       <setting name='connect_server' type='string'></setting>
>       <setting name='bosh_url' type='string'></setting>
>       <setting name='old_ssl' type='bool'>0</setting>
>       <setting name='auth_plain_in_clear' type='bool'>1</setting>
>       <setting name='require_tls' type='bool'>1</setting>
>       <setting name='ft_proxies' type='string'>proxy.eu.jabber.org</setting>
>       <setting name='use-global-buddyicon' type='bool'>1</setting>
>       <setting name='custom_smileys' type='bool'>1</setting>
>       <setting name='port' type='int'>5222</setting>
>     </settings>
> 
> 
> Here the logs:
>                                                                                                                        
> 
> (22:57:38) jabber: Recv (ssl)(178): <stream:features
> xmlns:stream='http://etherx.jabber.org/streams'><mechanisms
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>GSSAPI</mechanism></mechanisms></stream:features>                                                                                                                                         
> 
> (22:57:38) sasl: Mechs found:
> GSSAPI                                                                                                                                           
> 
> (22:57:38) sasl: No worthy mechs found
> 
> 
> Why pidgin 2.6 force a sasl authentication when the configuration ask
> for a plaintext authentication.
> It works well with tkabber and pidgin <2.6.
> 
> Regards
> 

I'm not entirely sure what the issue is here.

If the server advertises SSL support, Pidgin will attempt to upgrade the
connection to SSL even if you do not have "Require SSL/TLS" checked (which
 you do have checked). I think you're referring to the "Allow plaintext
auth over unencrypted streams" option, which *only* enters into the
equation if the server does not offer SSL and all other mechanisms besides
SASL PLAIN fail (or are not offered...or IQ Auth is in use).

The log snippets you've pasted indicate that the server simply isn't
offering a valid mechanism that Pidgin knows how to authenticate with
(typically servers offer PLAIN or DIGEST-MD5).

Could you include full (unedited) logs of the entire connection process as
well as the error messages Pidgin displays, please? If you'd like, you may
email them to me directly.

~Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/support/attachments/20090831/7af0e8db/attachment.sig>

More information about the Support mailing list