Project

General

Profile

digest-md5 authentication not provided

johney test
Added over 4 years ago

Hi,

I have problem when I want to add digest-md5 mechanism to my authentication methods for user login .

according to administration Guide , I added following lines to the init.properties , but nothing changed after restarting services.

--auth-db[domain4.com]=tigase-custom
--auth-db-uri[domain4.com]=jdbc:mysql://db14.domain4.com/dbname?user&password
basic-conf/auth-repo-params/domain4.com/user-login-query={ call UserLogin(?, -?) -}
basic-conf/auth-repo-params/domain4.com/user-logout-query={ call UserLogout(?) -}
basic-conf/auth-repo-params/domain4.com/sasl-mechs=PLAIN,DIGEST-MD5
--user-db[domain4.com]=mysql
--user-db-uri[domain4.com]=jdbc:mysql://db14.domain4.com/dbname?user&password

I could find another instruction in administration Guide which is similar to above. when I apply it again NO md5 provided!

this is part of xml log from client which can only be authenticated with sasl digest-md5 :

<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms>

I tested these with tigase 5.2.3 and 5.2.0 using mysql.

thanx in advance


Replies (7)

Added by Wojciech Kapcia TigaseTeam over 4 years ago

If you want to have if configured per VHost then please try configuring it on vhost - either via admin ad-hoc or through --virt-host property sting, e.g.: (semicolon separated)

--virt-hosts=domain4.com:sasl-mechanisms=PLAIN;DIGEST-MD5

Added by johney test over 4 years ago

Thank you for your reply ,

I applied following property string into the init.properties , but again the same problem ; NO md5 provided !

--virt-hosts=domain4.com:sasl-mechanisms=PLAIN;DIGEST-MD5

Added by Wojciech Kapcia TigaseTeam over 4 years ago

Please share what mechanisms server advertise during connection.

Added by johney test over 4 years ago

up to my knowledge, only PLAIN and ANONYMOUS mechanisms are being advertised by server from following log .

<command xmlns="http://jabber.org/protocol/commands" node="GETFEATURES"><ver xmlns="urn:xmpp:features:rosterver"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><register xmlns="http://jabber.org/features/iq-register"/><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></command></iq>, SIZE=629, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=result

please let me know if this log is not helpful.

Added by Wojciech Kapcia TigaseTeam over 4 years ago

Can you check logs and look for following line:

ConfigRepository.setProperties()   CONFIG:   Loaded config item: Domain: <domain4.com>, enabled: true, anonym: true, register: true, maxusers: 0, tls: false, s2sSecret: …, domainFilter: OWN, domainFilterDomains: null, c2sPortsAllowed: null, saslAllowedMechanisms: null

and verify, that the configuration was correctly updated? However - with the new SASL implementation we only support Anonymous, PLAIN, EXTERNAL and SCRAM for the moment. I've created ticket #2520 to bring it back.

Added by johney test over 4 years ago

This is from the log file :

[main] ConfigRepository.setProperties() CONFIG: Loading config item: domain4.com: sasl-mechanisms=PLAIN;DIGEST-MD5

[main] ConfigRepository.addItem() INFO: No repoChangeListener for: Domain: domain4.com, enabled: true, anonym: true, register: true, maxusers: 0, tls: false, s2sSecret: null, domainFilter: ALL

[main] ConfigRepository.setProperties() CONFIG: Loaded config item: Domain: domain4.com, enabled: true, anonym: true, register: true, maxusers: 0, tls: false, s2sSecret: null, domainFilter: ALL

by the way , I don't understand the meaning of "bring it back" . do you mean the old versions supports MD5 ?! . if yes , please let me know which versions ?

Added by Wojciech Kapcia TigaseTeam over 4 years ago

New SASL implementation was introduced in version tigase-server-5.2.0-rc2.

    (1-7/7)