Anonymous Login Not Authorized

I set up the configuration file, but Jabber clients keep giving me an Authentication Error: Not Authorized

Here is my domain setting and login:
{hosts, ["cooprentals.com"]}.

{host_config, "cooprentals.com", [{auth_method, [internal,anonymous]},
{allow_multiple_connections, false},
{anonymous_protocol, login_anon}]}.

I can log in with a registered user fine... but not with

test@cooprentals.com [any pass]

What else could be missing?

Here is what my log file

Here is what my log file returned..

=INFO REPORT==== 2008-09-19 14:28:19 ===
I(<0.435.0>:ejabberd_c2s:710) : ({socket_state,tls,{tlssock,#Port<0.418>,#Port<0.420>},<0.434.0>}) Failed authentication for anon@cooprentals.com

Ok, I have tried everything

Ok, I have tried everything to no avail... I'll wait for some expert advice. Thanks.

Ok, here is some more

Ok, here is some more feedback..

It works if I run a test script on the server so anonymous is working from localhost:5222
It does not allow anonymous logins from JWChat web client 5280 or my PSI windows client 5222 or 5223.

So it appears something is not allowing anonymous logins from external IPs or connections?

Hope this helps. I still have not figured out what to do about it.

looks like a client problem

http://xmpp.org/extensions/xep-0175.html

It says the client is supposed to respond to the streams information by choosing mechanism="ANONYMOUS". In my protocol dumps for jwchat I'm seeing jwchat choose mechanism="DIGEST-MD5" automatically without waiting to see what mechanisms are supported. Obvious conclusion then is that either http-bind or jwchat does not support anything but DIGEST-MD5.

I saw a similar issue with pidgin where the server sent ANONYMOUS as a supported stream method but pidgin still sent DIGEST-MD5 back.

So short answer is that it appears many clients do not support anonymous login.
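The mechanism selection that XEP-0175 expects, as an added example that is not part of the original posts or of JWChat's code: the client reads the advertised mechanisms before choosing one, and a helper flags the DIGEST-MD5 behaviour described above when checking a protocol dump. All function names are hypothetical and the stream features sample is constructed.

```javascript
// Added example. SAMPLE_FEATURES is constructed, not captured from this thread.
const SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl";
const SAMPLE_FEATURES =
  "<stream:features><mechanisms xmlns='" + SASL_NS + "'>" +
  "<mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>" +
  "<mechanism>ANONYMOUS</mechanism></mechanisms></stream:features>";

// Extract the SASL mechanism names the server advertised.
function offeredMechanisms(featuresXml) {
  const out = [];
  const re = /<mechanism>\s*([A-Za-z0-9_-]+)\s*<\/mechanism>/g;
  let m;
  while ((m = re.exec(featuresXml)) !== null) out.push(m[1].toUpperCase());
  return out;
}

// Choose only from what was offered. For an anonymous session the client
// must pick ANONYMOUS; it must not fall back to a password mechanism.
function chooseMechanism(featuresXml, wantAnonymous) {
  const offered = offeredMechanisms(featuresXml);
  if (wantAnonymous) return offered.includes("ANONYMOUS") ? "ANONYMOUS" : null;
  // Preference order for registered logins is an assumption of this example.
  for (const pref of ["DIGEST-MD5", "PLAIN"]) {
    if (offered.includes(pref)) return pref;
  }
  return null;
}

// Build the <auth/> element the client sends for the chosen mechanism.
function buildAuth(mechanism) {
  return "<auth xmlns='" + SASL_NS + "' mechanism='" + mechanism + "'/>";
}

// Debugging aid for protocol dumps: compare what the client sent
// against what the server offered.
function checkClientAuth(featuresXml, authXml, wantAnonymous) {
  const match = /mechanism=['"]([^'"]+)['"]/.exec(authXml);
  if (!match) return "no mechanism attribute";
  const sent = match[1].toUpperCase();
  if (!offeredMechanisms(featuresXml).includes(sent)) return "mechanism not offered";
  if (wantAnonymous && sent !== "ANONYMOUS") return "client ignored ANONYMOUS";
  return "ok";
}
```
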

Enable saslanon in jwchat

It looks like you have to tell jwchat to use 'saslanon' or it will use normal login. To do this use:

oArgs.authtype = 'saslanon'

in the code that performs the login. If you want to do registered logins as well you might want to set that via a form input.

Two experiments and results

If I put this:

{auth_method, anonymous}.
{anonymous_protocol, login_anon}.

I can:

  • log in to any account providing any password, but I need to disable STARTTLS and SASL authentication in the client. When I log out, the account roster, etc. is deleted automatically.

If I put this:

{auth_method, [internal, anonymous]}.
{anonymous_protocol, login_anon}.

I can:

  • log in to existing accounts if I provide the valid password.
  • log in to any account that doesn't yet exist providing any password, but I need to disable STARTTLS and SASL authentication in the client. When I log out, the account roster, etc. is deleted automatically.

I only tried those configurations. I used Tkabber and ejabberd trunk svn. I only tried the client on the same machine as the server.

I didn't try the protocol sasl_anon because it requires a client that supports SASL Anonymous, and I only know of one client that implements that: MUCkl.

I'm using the Psi Client and

I'm using the Psi Client and JWChat installed on the server. Both will log in if an account exists, but I'm getting Authentication Failed if logging in anonymously.
