powered by Jive Software

DIGEST-MD5 Changed Recently?

Has DIGEST authentication changed recently (version >3.3.0) that would cause a previously working SASL DIGEST implementation to stop working

I know that Pidgin’s subsequent authentication doesn’t work with DIGEST now, but has something changed that would disallow DIGEST authentication to work?



Have you upgraded pidgin at all? Or Java? Openfire’s DIGEST-MD5 is just Sun’s implementation in Java, so unless you changed Java, your Openfire logic likely hasnt changed.

What sort of behavior are you seeing?

My previously working DIGEST-MD5 authentication is not longer being accepted by the server as a proper response, I am getting <failure …><not-authorized/></failre> instead of the expected <success/>

I am using a custom query and database setup; I’ve checked the queries over and they work fine. If I use the PLAIN mechanism, authentication works as expected.

I was wondering if maybe the recent changes to fix Openfire’s throwing an exception when it gets subsequent authentication requests may have caused DIGEST-MD5 not to work at all anymore.

Thanks for your help,

Dallas Gutauckis

Interesting, that does indeed sound like a logic flaw. Ive opened a bug report on this (JM-1186). With debugging enabled, do the openfire logs give you any messages about the failed login?

How does one enable logging specifically? Just in run-time, nothing is posted to the log directory when I try authenticate with the DIGEST-MD5 mechanism based on a tail -f of the directory’s files.


I don’t know what has changed, but i couldn’t log in either from Psi after upgrading from 3.3.3 to 3.4.1.

In orther to log in from Psi I have to:

  • modify account

  • Select “Misc” Tab

  • Check “Authenticate as” options

  • Fill in my complete jid in the “User” field (me@myserver.org) and the xmpp domain in the “Realm” field (myserver.org).

This only happens in a server where the xmpp domain is different from the hostname.

Hope that helps!