ejabberd - Comments for "Anonymous Login Not Authorized"

Enable saslanon in jwchat

SpliFF — Sun, 21 Jun 2009 00:57:47 +0000

It looks like you have to tell jwchat to use 'saslanon' or it will use normal login. To do this use:

oArgs.authtype = 'saslanon'

in the code that performs the login. If you want to do registered logins as well you might want to set that via a form input.

looks like a client problem

SpliFF — Sat, 20 Jun 2009 15:11:48 +0000

http://xmpp.org/extensions/xep-0175.html

It says the client is supposed to respond to the streams information by choosing mechanism="ANONYMOUS". In my protocol dumps for jwchat I'm seeing jwchat choose mechanism="DIGEST-MD5" automatically without waiting to see what mechanisms are supported. Obvious conclusion then is that either http-bind or jwchat does not support anything but DIGEST-MD5.

I saw a similar issue with pidgin where the server send ANONYMOUS as a supported stream method but pidgin still sent DIGEST-MD5 back.

So short answer is that it appears many clients do not support anonymous login.

I'm using the Psi Client and

coopvr — Mon, 22 Sep 2008 20:58:24 +0000

I'm using the Psi Client and JWChat installed on the server. Both will login if an account exists..but I'm getting Authentication Failed if logging in anonymously.

Two experiments and results

mfoss — Mon, 22 Sep 2008 16:52:00 +0000

If I put this:

{auth_method, anonymous}.
{anonymous_protocol, login_anon}.

I can:

login to any account providing any password, but I need to disable STARTTLS and SASL authentification in the client. When I logout, the account roster, etc is deleted automatically.

If I put this:

{auth_method, [internal, anonymous]}.
{anonymous_protocol, login_anon}.

I can:

login to existing accounts if I provide the valid password.
login to any account that doesn't yet exist providing any password, but I need to disable STARTTLS and SASL authentification in the client. When I logout, the account roster, etc is deleted automatically.

I only tried those configurations. I used Tkabber and ejabberd trunk svn. I only tried the client in the same machine that the server.

I didn't try the protocol sasl_anon because it requires a client that supports SASL Anonymous, and I only know a client that implements that: MUCkl.

Ok, here is some more

coopvr — Mon, 22 Sep 2008 02:38:21 +0000

Ok, here is some more feedback..

It works if I run a test script on the server so anonymous is working from localhost:5222
It does not allow anonymous logins from JWChat web client 5280 or my PSI windows client 5222 or 5223.

So it appears something is not allowing anonymous logins from external IP's or connections?

Hope this helps. I still have not figured out what to do about it.

Ok, I have tried everything

coopvr — Fri, 19 Sep 2008 22:53:41 +0000

Ok, I have tried everything to no avail....I'll wait for some expert advise. Thanks.

Here is what my log file

coopvr — Fri, 19 Sep 2008 21:35:12 +0000

Here is what my log file returned..

=INFO REPORT==== 2008-09-19 14:28:19 ===
I(<0.435.0>:ejabberd_c2s:710) : ({socket_state,tls,{tlssock,#Port<0.418>,#Port<0.420>},<0.434.0>}) Failed authentication for anon@cooprentals.com