Authentication Bug?

Jake_Morgan · July 24, 2003, 2:54pm

Message Server: 1.0.5 using the internal DB on Solaris 9 with JRE 1.4.1

Client: Smack 1.1.1 on Red Hat 7.2 with JRE 1.3.1

Background:

The policy I am using for the JID is the hostname@sp-4

My two testing machine names are r2d2-2k and 2-1B.

Issue:

The 2-1B is able to create an account with the msg server however is unable to login. The msg server returns error 401 with a null error msg therefore the XMPPException throws a null for its msg. r2d2-2k works as expected.

Workaround:

If I change the user 2-1B to somebody@sp-4 it works which leads me to believe there is a subtle bug in the msg server.

Iain_Shigeoka · July 24, 2003, 4:43pm

Hi,

I think Messenger and Smack are working properly. Your description makes me suspect that you’‘re setup is where the confusion lies. XMPP works just like email as far as addressing goes. The address is broken up into username@server/resource components. The resource is the only difference from a normal email server, and lets a user log into the server with the same user account (username) multiple times (each with a unique resource). It’'s common to see username@server/home and username@server/work logged in for example.

Your Messenger server should be assigned a domain (server.com), and all user accounts on it should then be asigned addresses on that server (jake@server.com, iain@server.com, etc).

So let’‘s say your Messenger server in your setup is ‘‘sp-4’’. When you installed Messenger you should have set it’'s domain to ‘‘sp-4’’, and the chat domain name to ‘‘chat.sp-4’’ without the quote.

Now you can use the web admin interface to Messenger to create user accounts on the server ‘‘jake’’ and ‘‘iain’’. Account creation can also be done inband using Jabber/XMPP clients like Exodus.

So now you’‘ll have two accounts, jake@sp-4 and iain@sp-4. It really doesn’‘t matter what your two client testing machine names are because they don’‘t factor in to XMPP naming (just like a email server doesn’'t know or care what the addresses are of machines that connect to it for sending/receiving email).

In Smack on r2d2-2k you should connect to the jake@sp-4 account with the password you setup. It should log you in. Log in from 2-1b using smack and iain@sp-4 and it’'s account password. Now send a message from jake to iain (create a chat object in the jake client to the iain@sp-4 address and then send a message). The iain client will receive the message.

Next you can start using rosters and presence to detect when people go online/offline.

Hope that helps you get started.

-iain

Jake_Morgan · July 24, 2003, 5:10pm

Thanks for the overview and I will adjust things accordingly However, if things were truly working correctly wouldn’‘t I expect the same result with r2d2-2k@sp-4 or somebody@sp-4 since the code is exactly the same? based on what I’‘m observing this isn’'t the case.

In this project the machine(machine name) is the user and may or may not be known in advance. Are there any plans to allow client registration but an admin will need to accept the registration before the “user” can use the system?

Thank you,

Jake

Iain_Shigeoka · July 24, 2003, 6:25pm

Jake,

You should expect the same behavior for different accounts. However, exceptions are thrown if the account doesn’'t exist, if the password is invalid, or the server is not reachable.

A good way to start, is to test using Exodus against Messenger (Exodus has an option to let you see the XML it’‘s sending/receiving - very handy to see what’‘s going on under the coversr). That will get your addresses, passwords, etc all figured out. Then substitute an instance of your Smack client (with the smack debug flag passed in) to see what smack is doing - and what it’'s doing differently).

Once everything is working with Messenger, Exodus, and one custom Smack client, you can pull Exodus out of the mix and do direct conversations between Smack clients through Messenger.

It seems like more work but it actually goes much faster this way. Messenger and Exodus are ‘‘known good’’ working together which eliminates everything except your setup. Then you can start experimenting with Smack knowing that it is the only variable in the mix.

In this project the machine(machine name) is the user

and may or may not be known in advance. Are there any

plans to allow client registration but an admin will

need to accept the registration before the “user” can

use the system?

Yes. In messenger, log into the web admin, and turn auto-registration off. That prevents in-band automatic registration. Then it’'s up to the adminstrator to create new user accounts using the web admin interface.

New users can request new accounts using some other mechanism (maybe a web page or email). If you’'re looking for anonymous logins, they are also allowed in Messenger (and that can be enabled/disabled through the web admin interface). That way you can login without an account (handy for open chats, etc).

-iain

Gaston_Dombiak · July 24, 2003, 8:13pm

Iain,

However, exceptions are thrown if the account doesn’'t exist, if the password is invalid, or the server is not reachable.

I had just found that if the user does not exist then the client will receive an error 401 with message null. But if the user exists but the password is wrong then the client will get an error 401 with message “Unauthorized”

Regards,

– Gato