Login failure stack trace

Whenever one of our users logs in using the SASL DIGEST-MD5 mechanism and an incorrect password, something like this is added to warn.log.

2006.07.19 08:45:11 SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:606)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:226)

at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:248)

at org.jivesoftware.wildfire.multiplex.MultiplexerPacketHandler.route(MultiplexerPacketHandler.java:168)

at org.jivesoftware.wildfire.net.ConnectionMultiplexerSocketReader$2.run(ConnectionMultiplexerSocketReader.java:147)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)

at java.lang.Thread.run(Thread.java:595)

This seems overkill to me. Couldn't we replace this stacktrace with a more generic “login failed” message? It's less cryptic and saves a lot of space.

Guus,

What client is being used here? I wonder if it's the bug discovered in the Java SASL implementation that's just incompatible with another SASL library.

I was under the impression though that this behaviour was standard whenever a digest-md5 sasl authentication failed.

It's a client we developed ourselves. I'm unsure what sasl-library is used - I can find out tomorrow.

It may well be. I don't run any server that supports a digest mode authentication so I can't test it. There have been rumors that the Cyrus SASL libraries are incompatible with Java's implementation. And after finding the bug in Java's last week, it wouldn't surprise me if there are more incompatibilities lurking about.

Gato moved this particular stacktrace to debug instead of warn. Solves my problem.
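The collapse asked for in the first post can also be done when reading the log. This added example, which is not code from the thread or from Wildfire, parses entries in the warn.log layout quoted above, rewrites each DIGEST-MD5 mismatch as a one-line “login failed” message, and counts failures per minute; the sample log is constructed and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the warn.log layout quoted in the thread:
# "<timestamp> <exception name>", the exception message, then "at" frames.
SAMPLE_LOG = """\
2006.07.19 08:45:11 SaslException
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:606)
at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:226)
at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:248)
2006.07.19 08:45:40 SaslException
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:606)
at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:248)
2006.07.19 09:02:03 IOException
java.io.IOException: Connection reset
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)
"""

HEADER = re.compile(r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) (\S+)\s*$")
LOGIN_FAILURE = "DIGEST-MD5: digest response format violation. Mismatched response."

def parse_entries(text):
    """Split log text into entries: dict(time, name, message, frames)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a timestamp line opens a new entry
            entries.append({"time": m.group(1), "name": m.group(2), "message": "", "frames": []})
        elif entries and line.startswith("at "):
            entries[-1]["frames"].append(line[3:])
        elif entries and line and not entries[-1]["message"]:
            entries[-1]["message"] = line  # first non-frame line is the message
    return entries

def summarize(text):
    """Return (one-line summaries, failed DIGEST-MD5 logins per minute)."""
    lines, per_minute = [], Counter()
    for e in parse_entries(text):
        if e["name"] == "SaslException" and e["message"].endswith(LOGIN_FAILURE):
            lines.append(f'{e["time"]} login failed (DIGEST-MD5 mismatched response)')
            per_minute[e["time"][:16]] += 1  # bucket by "YYYY.MM.DD HH:MM"
        else:  # anything else keeps its message, with the frames counted
            lines.append(f'{e["time"]} {e["message"]} ({len(e["frames"])} frames)')
    return lines, per_minute
```

A per-minute count that climbs for one account or source is the signal worth keeping at warn level even after the stack trace itself has been moved to debug.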

I am now seeing this log-in failure as well for the first time today. I am running fully up-to-date CentOS 4.3, latest stable WildFire, latest Trillian Pro, and have plenty of others using this/these same softwares and working perfectly, except for one user.

The “warn” tab of the log shows the following:


at java.lang.Thread.run(Unknown Source)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:136)

at org.jivesoftware.wildfire.net.SocketReadingMode.authenticateClient(SocketReadingMode.java:117)

at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:248)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.

2006.08.22 21:29:15 SaslException

at java.lang.Thread.run(Unknown Source)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:136)

at org.jivesoftware.wildfire.net.SocketReadingMode.authenticateClient(SocketReadingMode.java:117)

at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:248)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.


Any ideas?

Thanks much.

Jason

xmpp:sjobeck@jabber.org