RFC4616 says that in case SASL authzid parameter is null it is derived from authentication ID specified for authentication.
for SASL PLAIN, we’ve been sending “userid\0userid\0password” instead of “\0userid\0password”.
Haven’t checked this for Kerberos yet, but with Kerberos “userid@REALM” and “userid/userid@REALM” are different principals.
As a result, authentication with some XMPP server fails (I have one I have access to, jabberd 2.0-based with LDAP authentication, unfortunately not public).
I did run a simple Jython script to test:
from org.jivesoftware.smack import XMPPConnection c = XMPPConnection("sgh.waw.pl")
c.connect()
c.login("saper", "*mypassword*")
The error message is:
Traceback (most recent call last):
File "sgh.jy", line 5, in c.login("saper", "*mypassword*")
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:337)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.smack.Connection.login(Connection.java:348)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597) org.jivesoftware.smack.XMPPException: SASL authentication PLAIN failed: temporary-authentication-failure:
A patch against current SMACK trunk is attached as well as inline. Will check against Kerberos tomorrow.
Index: SASLAuthentication.java
===================================================================
--- SASLAuthentication.java (wersja 12901)
+++ SASLAuthentication.java (kopia robocza)
@@ -587,4 +587,4 @@
resourceBinded = false;
sessionSupported = false;
}
-}
\ No newline at end of file
+}
Index: sasl/SASLMechanism.java
===================================================================
--- sasl/SASLMechanism.java (wersja 12901)
+++ sasl/SASLMechanism.java (kopia robocza)
@@ -89,7 +89,7 @@ String[] mechanisms = { getName() };
Map props = new HashMap();
- sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, this);
+ sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this);
authenticate();
} @@ -106,7 +106,7 @@
public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException {
String[] mechanisms = { getName() };
Map props = new HashMap();
- sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
+ sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
authenticate();
} Index: sasl/SASLGSSAPIMechanism.java
===================================================================
--- sasl/SASLGSSAPIMechanism.java (wersja 12901)
+++ sasl/SASLGSSAPIMechanism.java (kopia robocza)
@@ -63,7 +63,7 @@
String[] mechanisms = { getName() };
Map props = new HashMap();
props.put(Sasl.SERVER_AUTH,"TRUE");
- sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, cbh);
+ sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
authenticate();
} @@ -82,7 +82,7 @@
String[] mechanisms = { getName() };
Map props = new HashMap();
props.put(Sasl.SERVER_AUTH,"TRUE");
- sc = Sasl.createSaslClient(mechanisms, username, "xmpp", host, props, this);
+ sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this);
authenticate();
}
p1.zip (617 Bytes)