XMPP Rejecting PLAIN, "No worthy mechs found" Red Hat 5.5

Alan De Smet adesmet at cs.wisc.edu
Wed Sep 8 15:05:25 EDT 2010 

I'm using Pidgin as shipped with Red Hat 5.5.  Pidgin identifies
as "Pidgin 2.6.6-2.el5_4".

When I try to log into our university's XMPP server, Pidgin fails
to connect claiming, "503: Service Unavailable."  Co-workers
using identical installs on the same machine are able to log in
without problem.  I've tried reentering my password repeatedly.
I'm confident it's the correct password.  I've tried wiping out
my ~/.purple directory and starting fresh.  I've tried stracing
Pidgin to see if there were other files in my home directory that
it might be reading and receiving bad information from; I didn't
find any.  I do not have a ~/.pidgin or ~/.gaim.  I nosed around
in gconf-editor for a bit and didn't find anything that seemed
relevant to Pidgin.

Pidgin otherwise works fine; I've been using it to talk to AIM,
YIM, and MSN for years.

Enabling debugging, I notice the following interesting exchange
between Pidgin and the server. This is immediately after
successfully negotiating and enabling TLS, as is required by our
server.  Usernames and passwords have been deleted.

certificate: Successfully verified certificate for wisc.edu
jabber: Sending (ssl) (DELETED at wisc.edu/Work): <stream:stream to='wisc.edu' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
jabber: Recv (ssl)(166): <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='4136428306' from='wisc.edu' version='1.0' xml:lang='en'>
jabber: Recv (ssl)(129): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms></stream:features>
sasl: Mechs found: PLAIN 
sasl: No worthy mechs found
jabber: Sending (ssl) (DELETED at wisc.edu/Work): <iq type='get' id='purple48d8c222'><query xmlns='jabber:iq:auth'><username>DELETED</username></query></iq>
jabber: Recv (ssl)(164): <iq from='wisc.edu' id='purple48d8c222' type='error'><error code='503' type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
connection: Connection error on 0xa222b80 (reason: 0 description: 503: Service Unavailable)

The "No worthy mechs found" seems suspicious.  Comparing to a
co-worker who is able to log in with an identical install, I see
this, which looks like I would expect:

certificate: Successfully verified certificate for wisc.edu
jabber: Sending (ssl) (DELETED at wisc.edu/Work): <stream:stream to='wisc.edu' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
jabber: Recv (ssl)(166): <?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='3897413721' from='wisc.edu' version='1.0' xml:lang='en'>
jabber: Recv (ssl)(129): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms></stream:features>
sasl: Mechs found: PLAIN 
jabber: Sending (ssl) (DELETED at wisc.edu/Work): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>

To my relatively clueless eyes, it looks like the remote server
is saying, "Please use PLAIN."  When my coworker runs Pidgin,  it
replies with the password.  When I run Pidgin, it replies with "I
don't understand PLAIN, what other options are there?"

It was suggested that the package cyrus-sasl-plain might be
missing, but RPM reports that cyrus-sasl-plain-2.1.22-5.el5_4.3
is installed.  And even if it was, it doesn't explain why a
co-worker using the same machine and same binary didn't encounter
this problem.

I've been using Pidgin for years, back since it was GAIM.  I
previously used it with XMPP servers, but not recently.
It's entirely possible that I have some old configuration that is
causing problems, but I have no idea where I might find it to
remove or fix.

Can anyone offer suggestions for fixing this? 

I have longer logs, both from me and the co-worker who is
successfully using Pidgin to talk to our XMPP server.  If there
are additional subsets that would be useful, please let me know.

-- 
Alan De Smet                              Condor Project Research
adesmet at cs.wisc.edu                http://www.cs.wisc.edu/condor/

More information about the Support mailing list