I’m using Openfire 4.7.4 and recently changed the SASL mechanism configuration to have only the SCRAM-SHA-1 mechanism enabled (previously, all mechanisms were selected).
After making this change, all the clients that tried to connect started receiving this error:
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized />
But if I edit the user password with the same value in the Openfire portal, the clients can connect successfully afterwards!
Does this change affect the definition of the password somehow? Is this a known issue?
Yes, but it’s “by design”. The passwords are stored as hashes in the database. If you previously used e.g. DIGEST-MD5, then Openfire is unable to derive the SCRAM-SHA-1 hash from that. You have to provide Openfire once again with the plain text password, so that Openfire can calculate the SCRAM hash for it.
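Why a previously stored hash cannot be turned into SCRAM credentials, as an added example that is not part of the original thread and not Openfire's code: it follows the RFC 5802 derivation and uses that RFC's example exchange. The `legacy_hash` value is a constructed stand-in for whatever a non-SCRAM scheme stored, and SASLprep normalization is skipped because the sample password is ASCII.

```python
import base64
import hashlib
import hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def scram_sha1_verifier(secret: bytes, salt: bytes, iterations: int):
    """What a server keeps for SCRAM-SHA-1 (RFC 5802): StoredKey and ServerKey."""
    salted = hashlib.pbkdf2_hmac("sha1", secret, salt, iterations)
    stored_key = hashlib.sha1(_hmac(salted, b"Client Key")).digest()
    return stored_key, _hmac(salted, b"Server Key")

def client_proof(password: bytes, salt: bytes, iterations: int, auth_msg: bytes) -> bytes:
    """What the client sends: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac("sha1", password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return _xor(client_key, _hmac(hashlib.sha1(client_key).digest(), auth_msg))

def server_accepts(stored_key: bytes, proof: bytes, auth_msg: bytes) -> bool:
    """Server check: recover ClientKey from the proof and compare its hash."""
    recovered = _xor(proof, _hmac(stored_key, auth_msg))
    return hmac.compare_digest(hashlib.sha1(recovered).digest(), stored_key)

# RFC 5802 section 5 example exchange (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
ITERATIONS = 4096
AUTH_MSG = (b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
            b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
            b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j")

def demo():
    proof = client_proof(b"pencil", SALT, ITERATIONS, AUTH_MSG)
    # Constructed stand-in for a hash kept by an older, non-SCRAM scheme.
    legacy_hash = hashlib.md5(b"user:example.org:pencil").hexdigest().encode()
    # Feeding the old hash into the SCRAM derivation gives a different StoredKey.
    from_legacy, _ = scram_sha1_verifier(legacy_hash, SALT, ITERATIONS)
    # Deriving from the plain-text password (the password reset) gives the right one.
    from_plain, _ = scram_sha1_verifier(b"pencil", SALT, ITERATIONS)
    return (server_accepts(from_legacy, proof, AUTH_MSG),  # not-authorized
            server_accepts(from_plain, proof, AUTH_MSG))   # authenticated

if __name__ == "__main__":
    print(demo())
```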