Whenever one of our users logs in using the SASL DIGEST-MD5 mechanism and an incorrect password, something like this is added to warn.log.
2006.07.19 08:45:11 SaslException
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Se rver.java:606)
at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.j ava:226)
at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java :248)
at org.jivesoftware.wildfire.multiplex.MultiplexerPacketHandler.route(MultiplexerP acketHandler.java:168)
at org.jivesoftware.wildfire.net.ConnectionMultiplexerSocketReader$2.run(Connectio nMultiplexerSocketReader.java:147)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java: 650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
This seems overkill to me. Couldn’‘t we replace this stacktrace with a more generic “login failed” message? It’'s less cryptic and saves a lot of space.