pidgin 2.6 doesn't allow plaintext authentication with ssl transport

Encolpe Degoute encolpe.degoute at free.fr
Tue Sep 8 09:54:13 EDT 2009



Paul Aurich wrote:
> And Encolpe Degoute spoke on 08/31/2009 02:12 PM, saying:
>> Hello,
>>
>> With this configuration:
>>
>>     <settings>
>>       <setting name='check-mail' type='bool'>0</setting>
>>       <setting name='connect_server' type='string'></setting>
>>       <setting name='bosh_url' type='string'></setting>
>>       <setting name='old_ssl' type='bool'>0</setting>
>>       <setting name='auth_plain_in_clear' type='bool'>1</setting>
>>       <setting name='require_tls' type='bool'>1</setting>
>>       <setting name='ft_proxies' type='string'>proxy.eu.jabber.org</setting>
>>       <setting name='use-global-buddyicon' type='bool'>1</setting>
>>       <setting name='custom_smileys' type='bool'>1</setting>
>>       <setting name='port' type='int'>5222</setting>
>>     </settings>
>>
>>
>> Here are the logs:
>>
>> (22:57:38) jabber: Recv (ssl)(178): <stream:features xmlns:stream='http://etherx.jabber.org/streams'><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>GSSAPI</mechanism></mechanisms></stream:features>
>> (22:57:38) sasl: Mechs found: GSSAPI
>> (22:57:38) sasl: No worthy mechs found
>>
>>
>> Why does pidgin 2.6 force a SASL authentication when the configuration asks
>> for a plaintext authentication?
>> It works well with tkabber and pidgin <2.6.
>>
>> Regards
>>
>
> I'm not entirely sure what the issue is here.
>
> If the server advertises SSL support, Pidgin will attempt to upgrade the
> connection to SSL even if you do not have "Require SSL/TLS" checked (which
>  you do have checked). I think you're referring to the "Allow plaintext
> auth over unencrypted streams" option, which *only* enters into the
> equation if the server does not offer SSL and all other mechanisms besides
> SASL PLAIN fail (or are not offered...or IQ Auth is in use).
The server provides SSL for the transport but not any SASL mechanism
for authentication. The only authentication mechanism available is
plain text.
This configuration is working with pidgin 2.5 (ubuntu jaunty).

>
> The log snippets you've pasted indicate that the server simply isn't
> offering a valid mechanism that Pidgin knows how to authenticate with
> (typically servers offer PLAIN or DIGEST-MD5).
>
> Could you include full (unedited) logs of the entire connection process as
> well as the error messages Pidgin displays, please? If you'd like, you may
> email them to me directly.
Here come the logs.

Thanks for your attention.

--
Encolpe DEGOUTE
http://encolpe.degoute.free.fr/
Free software, ice hockey and other cerebral activities

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-trace.txt.gz
Type: application/x-tar
Size: 4519 bytes
Desc: not available
URL: <http://pidgin.im/pipermail/support/attachments/20090908/bcabdbcb/attachment-0002.tar>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-trace.txt.gz.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
URL: <http://pidgin.im/pipermail/support/attachments/20090908/bcabdbcb/attachment.sig>
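
Added example, not part of the original messages and not Pidgin's own code: a small diagnostic that reads the stream:features line from the quoted debug log and applies the selection rule as Paul Aurich describes it in the thread. The list of client-supported mechanisms, the function names, and the reading of a missing "(ssl)" tag as an unencrypted stream are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample: the Recv line quoted in the thread, rejoined onto one line.
SAMPLE_LOG = (
    "(22:57:38) jabber: Recv (ssl)(178): <stream:features "
    "xmlns:stream='http://etherx.jabber.org/streams'><mechanisms "
    "xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>GSSAPI</mechanism>"
    "</mechanisms></stream:features>"
)


def offered_mechanisms(log_line):
    """Return (encrypted, [mechanisms]) from one 'jabber: Recv' debug line."""
    m = re.search(r"jabber: Recv (\(ssl\))?\(\d+\): (<stream:features.*)$", log_line)
    if not m:
        raise ValueError("not a stream:features Recv line")
    root = ET.fromstring(m.group(2))
    mechs = [e.text.strip() for e in root.iter("{%s}mechanism" % SASL_NS) if e.text]
    # Assumption: a line without the "(ssl)" tag came over an unencrypted stream.
    return m.group(1) is not None, mechs


def choose_mechanism(offered, client_supported, encrypted, auth_plain_in_clear):
    """Pick the first client-preferred mechanism that the server also offers.

    PLAIN is accepted only on an encrypted stream, or when the
    auth_plain_in_clear setting explicitly allows it on a clear one.
    Returns None when nothing matches ("No worthy mechs found").
    """
    for mech in client_supported:
        if mech not in offered:
            continue
        if mech == "PLAIN" and not (encrypted or auth_plain_in_clear):
            continue
        return mech
    return None


if __name__ == "__main__":
    encrypted, mechs = offered_mechanisms(SAMPLE_LOG)
    # Hypothetical client without GSSAPI support, as an assumption.
    picked = choose_mechanism(mechs, ["DIGEST-MD5", "PLAIN"], encrypted, True)
    print(encrypted, mechs, picked)
```

With the quoted log line the result is None whatever auth_plain_in_clear is set to, because the setting can only permit PLAIN when the server actually lists it.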

