[Pidgin] #5008: XMPP: "Not Authorized" when logging into Openfire 3.4.5 server

Pidgin trac at pidgin.im
Sun Mar 2 09:55:58 EST 2008 

#5008: XMPP: "Not Authorized" when logging into Openfire 3.4.5 server
--------------------+-------------------------------------------------------
Reporter:  centrex  |       Owner:  nwalp                  
    Type:  defect   |      Status:  new                    
Priority:  minor    |   Component:  XMPP                   
 Version:  2.4.0    |    Keywords:  openfire not-authorized
 Pending:  0        |  
--------------------+-------------------------------------------------------
 Since Pidgin 2.4.0, all of our users are getting "Not Authorized" when
 trying to connect to our Openfire 3.4.5 server via SSL.

 Our Openfire 3.4.5 server has JIDs like

 joe at centrex.com
 bob at centrex.com and so forth.

 The actual server's FQDN however is jabber.centrex.org. Pidgin usually
 detects the SRV records for centrex.com and finds out that XMPP is at
 jabber.centrex.com.

 Here's where the problem seems to lie. Since Pidgin 2.4.0, it seems to do
 the SRV lookup and try to log users in as joe at jabber.centrex.com

 The Openfire debug log shows:

 2008.03.02 22:15:47 NIOConnection: startTLS: using c2s
 2008.03.02 22:15:53 SASLAuthentication: SaslException
 javax.security.sasl.SaslException: DIGEST-MD5: digest response format
 violation. Mismatched URI: xmpp/jabber.centrex.com; expecting:
 xmpp/centrex.com

 The Pidgin debug log shows:

 (00:21:28) account: Connecting to account joe at centrex.com/Home
 (00:21:28) connection: Connecting. gc = 01A674F8
 (00:21:28) dnssrv: querying SRV record for _xmpp-client._tcp.centrex.com
 (00:21:28) dnssrv: found 1 SRV entries
 (00:21:28) dnsquery: Performing DNS lookup for jabber.centrex.com
 (00:21:29) dnsquery: IP resolved for jabber.centrex.com
 (00:21:29) proxy: Attempting connection to 21.32.57.77
 (00:21:29) proxy: Connecting to jabber.centrex.com:5222 with no proxy
 (00:21:29) proxy: Connection in progress
 (00:21:30) proxy: Connected to jabber.centrex.com:5222.
 (00:21:30) jabber: Sending: <?xml version='1.0' ?>
 (00:21:30) jabber: Sending: <stream:stream to='centrex.com'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 version='1.0'>
 (00:21:30) GLib-GObject: invalid cast from `GtkEventBox' to `GtkButton'
 (00:21:30) Gtk: gtk_button_get_relief: assertion `GTK_IS_BUTTON (button)'
 failed
 (00:21:31) jabber: Recv (188): <?xml version='1.0'
 encoding='UTF-8'?><stream:stream
 xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
 from="centrex.com" id="c5d1a1b" xml:lang="en" version="1.0">
 (00:21:32) jabber: Recv (396): <stream:features><starttls
 xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms
 xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-
 MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>CRAM-
 MD5</mechanism></mechanisms><compression
 xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
 xmlns="http://jabber.org/features/iq-auth"/></stream:features>
 (00:21:32) jabber: Sending: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-
 tls'/>
 (00:21:36) jabber: Sending (ssl): <stream:stream to='centrex.com'
 xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'
 version='1.0'>
 (00:21:37) jabber: Recv (ssl)(523): <?xml version='1.0'
 encoding='UTF-8'?><stream:stream
 xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client"
 from="centrex.com" id="c5d1a1b" xml:lang="en"
 version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns
 :xmpp-sasl"><mechanism>DIGEST-
 MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>CRAM-
 MD5</mechanism></mechanisms><compression
 xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth
 xmlns="http://jabber.org/features/iq-auth"/></stream:features>
 (00:21:37) sasl: Mechs found: DIGEST-MD5 PLAIN CRAM-MD5
 (00:21:37) jabber: Sending (ssl): <auth xmlns='urn:ietf:params:xml:ns
 :xmpp-sasl' mechanism='DIGEST-MD5'/>
 (00:21:37) gtkappbar: gtk_appbar_callback: ABN_FULLSCREENAPP: 0
 (00:21:38) jabber: Recv (ssl)(220): <challenge
 xmlns="urn:ietf:params:xml:ns:xmpp-
 sasl">cmVhbG09ImNlbnRyZXhnYXRlLmluZm8iLG5vbmNlPSIxcW9sZnFIdHUrVWQvdlUyMVlGTUZyNUkrRmd0ZXJVYUYrVHF2U3J1Iixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz</challenge>
 (00:21:38) sasl: DIGEST-MD5 client step 2
 (00:21:38) jabber: Sending (ssl): <response xmlns='urn:ietf:params:xml:ns
 :xmpp-
 sasl'>dXNlcm5hbWU9ImFsZXgiLHJlYWxtPSJjZW50cmV4Z2F0ZS5pbmZvIixub25jZT0iMXFvbGZxSHR1K1VkL3ZVMjFZRk1GcjVJK0ZndGVyVWFGK1RxdlNydSIsY25vbmNlPSJPUzBIVFdSbVFpWndYWHAyUlJJN0htNGFZMnQvZjA0eUlpWnJBekFMVmdjPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0ieG1wcC9pbS5jZW50cmV4Z2F0ZS5pbmZvIixyZXNwb25zZT0yZDQzNTFkZTY0YTdiZWFlYzk3OGM3ZDBjNDQ0Yzk3NQ==</response>
 (00:21:39) jabber: Recv (ssl)(77): <failure xmlns="urn:ietf:params:xml:ns
 :xmpp-sasl"><not-authorized/></failure>
 (00:21:39) account: Disconnecting account 00C85138
 (00:21:39) connection: Disconnecting connection 01A674F8
 (00:21:39) connection: Destroying connection 01A674F8

-- 
Ticket URL: <http://developer.pidgin.im/ticket/5008>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list