challenge stanza in response to authentication attempt

Hey folks, I've got a problem maybe you can help with:

I'm trying to authenticate a session using PHP and BOSH.
Whenever I send the user/pass combo set in MD5, I get a challenge stanza in response.
I'm assuming it's some sort of security measure, which is cool, but how do I get past it? Do I just send the user and pass again to get to the next step, or disable some sort of option in ejabberd?

k, after a bit more reading i

K, after a bit more reading I discovered that this was the built-in CAPTCHA for BOSH.
Now I just need to figure out how to disable it :)

Umm

xukster wrote:

K, after a bit more reading I discovered that this was the built-in CAPTCHA for BOSH.

CAPTCHA in ejabberd is only used when joining a MUC room that is configured to require CAPTCHA.

sasl

It's the encoded response for a DIGEST-MD5 challenge...
I don't think disabling it is a good idea, but I'm having trouble getting around it. I've tried to compute the response and send it to the server, but I get a bad-protocol error. Anyone have any idea what that means? My worry is that I mis-computed the response and I get the error in exchange... but the XMPP specs don't list bad-protocol as an error I should be getting, so maybe that's not it?

Here are the stanzas (removed the tags coz they don't get displayed):

sent = (body hold='1' secure='true' rid='$rid' to='server.name.org' wait='60' xmpp:version='1.0' xml:lang='en' xmlns='http://jabber.org/protocol/httpbind' xmlns:xmpp='urn:xmpp:xbosh'/)

returned = (body xmlns='http://jabber.org/protocol/httpbind' sid='5009a1af7a9' wait='60' requests='2' inactivity='30' maxpause='120' polling='2' ver='1.8' from='server.name.org' secure='true' authid='3360310511' xmlns:xmpp='urn:xmpp:xbosh' xmlns:stream='http://etherx.jabber.org/streams' xmpp:version='1.0')(stream:features xmlns:stream='http://etherx.jabber.org/streams')(mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl')(mechanism)DIGEST-MD5(/mechanism)(mechanism)PLAIN(/mechanism)(/mechanisms)(c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='wwrSvLFOLzC92POh074kJuEqYxE='/)(register xmlns='http://jabber.org/features/iq-register'/)(/stream:features)(/body)

sent = (body rid='$rid' sid='$sid' xmlns='http://jabber.org/protocol/httpbind')(auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5')=(/auth)(/body)

returned = (body xmlns='http://jabber.org/protocol/httpbind')(challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl')bm9uY2U9c3M=(/challenge)(/body)

sent = (body rid='$rid' sid='$sid' xmlns='http://jabber.org/protocol/httpbind')(response xmlns='urn:ietf:params:xml:ns:xmpp-sasl')$zb64(/response)(/body)

and the final return = (body xmlns='http://jabber.org/protocol/httpbind')(failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl')(bad-protocol/)(/failure)(/body)

sasl

It's the SASL mechanism... I actually wrote a huge post about it but I guess this forum doesn't allow for it :(
Looking for a good tutorial for it though, if anyone knows of any?
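
The DIGEST-MD5 computation discussed in this thread, as an added PHP example that is not from any of the posters or from ejabberd: it follows RFC 2831, where response = HEX(H(HEX(H(A1)):nonce:nc:cnonce:qop:HEX(H(A2)))), and checks itself against the worked example in that RFC. The function names, the `xmpp/<host>` digest-uri and the credentials are assumptions; the challenge string is the one posted above, which base64-decodes to `nonce=ss`.

```php
<?php
// Added example (not from the thread): DIGEST-MD5 client response per RFC 2831.
// Function names are illustrative; escaped quotes inside values are not handled.

// Decode a base64 SASL challenge and split it into directive => value pairs.
function parse_challenge(string $b64): array {
    $out = [];
    preg_match_all('/([a-z-]+)=(?:"([^"]*)"|([^,]*))/i', base64_decode($b64), $m, PREG_SET_ORDER);
    foreach ($m as $d) {
        // $d[3] exists only when the value was unquoted.
        $out[strtolower($d[1])] = $d[3] ?? $d[2];
    }
    return $out;
}

// response = HEX(H( HEX(H(A1)) : nonce : nc : cnonce : qop : HEX(H(A2)) ))
function digest_md5_response(string $user, string $pass, string $realm, string $nonce,
                             string $cnonce, string $digestUri,
                             string $nc = '00000001', string $qop = 'auth'): string {
    // A1 begins with the RAW 16-byte MD5 of user:realm:pass, not its hex form.
    $a1 = md5("$user:$realm:$pass", true) . ":$nonce:$cnonce";
    $a2 = "AUTHENTICATE:$digestUri";
    return md5(md5($a1) . ":$nonce:$nc:$cnonce:$qop:" . md5($a2));
}

// Build the base64 payload that goes inside the <response/> element.
function build_response(array $ch, string $user, string $pass, string $host): string {
    $realm  = $ch['realm'] ?? '';
    $cnonce = bin2hex(random_bytes(16));   // fresh client nonce per attempt
    $uri    = "xmpp/$host";                // assumed serv-type/host for XMPP
    $resp   = digest_md5_response($user, $pass, $realm, $ch['nonce'], $cnonce, $uri);
    return base64_encode(sprintf(
        'username="%s",realm="%s",nonce="%s",cnonce="%s",nc=00000001,qop=auth,' .
        'digest-uri="%s",response=%s,charset=utf-8',
        $user, $realm, $ch['nonce'], $cnonce, $uri, $resp));
}

// Self-check with the worked example from RFC 2831, section 4.
$rfc = digest_md5_response('chris', 'secret', 'elwood.innosoft.com', 'OA6MG9tEQGm2hh',
                           'OA6MHXh6VqTrRk', 'imap/elwood.innosoft.com');
if ($rfc !== 'd388dad90d4bbd760a152321f2143af7') {
    throw new RuntimeException('DIGEST-MD5 self-check failed');
}

// Challenge exactly as posted in the thread; user, password and host are constructed.
$ch = parse_challenge('bm9uY2U9c3M=');
print_r($ch);
echo build_response($ch, 'alice', 'constructed-password', 'server.name.org'), "\n";
```

RFC 6331 moved DIGEST-MD5 to Historic, so where the server also offers a SCRAM mechanism over TLS, that is the usual replacement.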
