How to configure sasl on openfire on windows xp with apache (xampp install)

dror · August 6, 2007, 2:07pm

Hi

I`m trying to work with jsjac(javascript jabber lib) and openfire on windows xp with apache(xampp installation).

jsjac sends request to the httpbinding of openfire but return error about sasl.

What kinds of sasl are there, when do I use each one and how do I configure it?

Should I use it at all or can I just disable the sasl?

Thanks

Jay · August 6, 2007, 2:35pm

SASL is the preferred authentication method of Jabber. There are several different “mechanisms” that sasl can use, and the server advertises to the client which it supports. Most servers will support PLAIN (authenticate using a plain-text username/password) and various MD5’'s (CRAM-MD5 or DIGEST-MD5). Some support more fancy methods like GSSAPI.

If your client dosnt support SASL, you should be able to authenticate via the old iq:auth method without changing anything on the server.

Hope this info helps you.

dror · August 6, 2007, 3:14pm

Thank you for your answer.

You said that the server advertises to the client which sasl mechanism it supports.

By the server do you mean openfire in this case or apache? and is the client the jabber client, spark for example?

If openfire is the server, what mechanisms it supports by default and how do I switch between them?

Im using javascript lib which usses the httpbinding (Im trying the non secure port). I manage to register a new user but can`t connect and get an error: “ASL Digest-MD5: server response with wrong rspauth”

You said that I should be able to authenticate via the iq:auth method. Can I do it through httpbinding?

Thanks.

Jay · August 6, 2007, 3:53pm

Im talking about the Openfire server. Im not sure how all the auth stuff passes through for httpbinding- maybe someone else can chime in on that topic.

From the sounds of it, your javascript libraries are not generating the DIGEST-MD5 in a way Openfire likes. I ran into this with a few clients. DIGEST-MD5 has a way of using your last login as a “shortcut” to authenticate again. Which with httpbinding this may be the case- but Openfire dosnt seem to support that style of DIGEST-MD5. You might try switching to just PLAIN for testing, and maybe figure out whats going on with DIGEST-MD5 later.

In Openfire you can configure which mechanisms are advertised in openfire.xml by doing adding a sasl stanza:

<sasl>
   <mechanisms>PLAIN</mechanisms>
</sasl>