XMPP disconnect causes Pidgin to be unable to reconnect

Hi,

Could one of the Openfire devs check out this Pidgin ticket and comment on it?

http://developer.pidgin.im/ticket/2095

The problem is that when pidgin gets disconnected from Openfire (for some network reason), pidgin can’t reconnect without restarting Pidgin. The pidgin ticket indicates there may be a bug with the SASL bits used by Openfire.

thanks,

daryl

While I don't have an account to comment on the pidgin ticket, there are a few things going on here. First is the ambiguous language in RFC2831. If the client previously authenticated to the server, then it MAY perform “subsequent authentication”. According to RFC2119 the word MAY indicates the item is truly optional, and may be left out for any number of reasons. The problem here is that the verbiage is in reference to what a client MAY do. Does that mean the server MAY support it? Or that the server MUST support it in case the client might try?

Sun’s take on the matter is that the subsequent authentication is optional in server implementations. From the java6 source:

/**
  * An implementation of the DIGEST-MD5 server SASL mechanism.
  * (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
  * <p>
  * The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
  * <ul><li>Initial Authentication
  * <li>Subsequent Authentication - optional, (currently not supported)
  * </ul> */

So it's pretty clear that it won't be supported by Openfire (or any other Java implementation) anytime soon. Perhaps Java7 will have it, or some other SASL library will show up with support. The problem is that with the current Java implementation the object is not kept around after the first authentication, so the server doesn't remember the original nonce, nonce-count, and cnonce values, and thus can't compare them to what the client provides.

My personal opinion on the matter is pidgin should try the subsequent authentication method, and upon failure fall back to the initial method. With the RFC as ambiguous as it is, there may be other implementations that choose to skip it.

Currently workarounds are:

  • disable DIGEST-MD5 from Openfire

  • Close pidgin and start it back up again
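
The behaviour described in the post above (a server that keeps no nonce, nonce-count or cnonce after the first exchange) and the suggested client fallback, as an added example that is not part of the thread and is not Openfire, Pidgin or Java SASL code. `Server`, `Client`, `digest_response` and the `remember` switch are hypothetical names, and the message exchange is reduced to direct method calls.

```python
# Added illustration; Server and Client are hypothetical, not Openfire or Pidgin code.
import hashlib, hmac, os

def digest_response(user, realm, password, nonce, cnonce, nc, uri, qop="auth"):
    """RFC 2831 response (no authzid): H(HEX(H(A1)):nonce:nc:cnonce:qop:HEX(H(A2)))."""
    a1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest() + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    kd = f"{hashlib.md5(a1).hexdigest()}:{nonce}:{nc:08x}:{cnonce}:{qop}:{hashlib.md5(a2).hexdigest()}"
    return hashlib.md5(kd.encode()).hexdigest()

class Server:
    """remember=False models the server described in the post: nothing from the
    first exchange is kept, so only nc=1 against a freshly issued nonce can pass."""
    def __init__(self, users, realm, remember):
        self.users, self.realm, self.remember = users, realm, remember
        self.issued = None    # nonce of the outstanding challenge (single use)
        self.sessions = {}    # (user, nonce, cnonce) -> last nonce-count accepted
    def challenge(self):
        self.issued = os.urandom(12).hex()
        return self.issued

    def verify(self, user, nonce, cnonce, nc, uri, response):
        key, pw = (user, nonce, cnonce), self.users.get(user)
        fresh = nc == 1 and self.issued is not None and nonce == self.issued
        resumed = nc > 1 and self.remember and self.sessions.get(key) == nc - 1
        want = digest_response(user, self.realm, pw or "", nonce, cnonce, nc, uri)
        if pw is None or not (fresh or resumed) or not hmac.compare_digest(want, response):
            return False
        self.issued = None
        if self.remember:
            self.sessions[key] = nc
        return True

class Client:
    def __init__(self, user, password, realm, uri):
        self.user, self.password, self.realm, self.uri = user, password, realm, uri
        self.nonce, self.cnonce, self.nc = None, None, 0
    def _send(self, server):
        r = digest_response(self.user, self.realm, self.password, self.nonce, self.cnonce, self.nc, self.uri)
        return server.verify(self.user, self.nonce, self.cnonce, self.nc, self.uri, r)

    def login(self, server):
        """Try subsequent authentication; if the server rejects it, redo initial authentication."""
        if self.nonce is not None:
            self.nc += 1
            if self._send(server):
                return "subsequent"
        self.nonce, self.cnonce, self.nc = server.challenge(), os.urandom(12).hex(), 1
        return "initial" if self._send(server) else "failed"
```

With `remember=True` the server also rejects a replayed response, because the saved nonce-count must be exactly one less than the one presented.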

thanks slushpupie!

The pidgin developer has responded to your comment on their ticket: http://developer.pidgin.im/ticket/2095

Sorry that I am just an ignorant go between here

daryl

JM-1109 has been opened to address this issue. I think the fix will be simple.

I submitted a report to Sun regarding this issue. Since it isn't a show-stopper, I don't expect any quick response on it, but hopefully they will open a bug on this issue.

Two of our users reported that your fix works. One is using Adium, the other Pidgin.

Pardon my ignorance but how do I disable DIGEST-MD5 in Openfire?

Thanks

Hi,

Is your question related to this post? If so, upgrading Openfire seems to fix this issue.

If you are asking in general how to do it, you may wish to start a new thread. Sorry, I dunno how to do that.

daryl

I’m already using the latest version of Openfire, 3.4.4. This is the latest version, right?

Doesn’t seem to fix the issue.

jhun

Hi,

Which version of Pidgin?

daryl

Hi,

We’re using Pidgin 2.3.1. I think it is the latest version of Pidgin.

Jhun

Hi Jhun,

That is strange. Previously, I was able to reproduce the “bug” with ease, but now it just works with the recent Openfire servers?!?

Sorry that I am not of more help.

daryl