DIGEST-MD5 connection error when using pidgin/Gaim?

Hi all,

I’ve just setup openfire on Linux, and I’m having some trouble connecting from pidgin/Gaim (other clients seem to connect ok). There is a pidgin ticket open on this but it doesn’t seem to be getting much activity:

http://developer.pidgin.im/ticket/2095

Any time I try to connect to Openfire from Pidgin (v2.1.1) I get an error saying my account isn’t authorized, and I get the following error in the warn.log on the server:

2007.08.27 22:55:11 SaslException

javax.security.sasl.SaslException: DIGEST-MD5 must not have an initial response

Is there a configuration setting in openfire I can change to fix this problem, or is this a known problem? Speaking of which:

Where are the nightly builds of openfire stored? There aren’t any showing up on the nightly download page

Java’s DIGEST-MD5 implementation dosnt quite match the Cyrus-SASL implementation (what Pidgin uses). Ive not had the chance to look into it closely, but as a workaround you can tell Openfire to not use DIGEST-MD5 by configuring the exact SASL mechanisms to use in your openfire.xml :

Example:

<sasl>
  <mechanisms>PLAIN</mechanisms>
</sasl>

Hi,

The Pidgin ticket has been updated to indicate that the bug is with the Java SASL bits being used by Openfire.

daryl

Well, I never said it was Java’s fault, just that the two dont match. I would need to dig into the RFC and some sample code to really figure out which is incorrect. Its possible Pidgin is using the CryusSASL libs incorrectly, or that Openfire is using the Java SASL incorrectly. Without more data I cant tell.

Sorry, unrelated issue, my mistake, problem was with gajim settings.

Hi. I tried adding this to my openfire.xml file, but all of my users are still showing up as “Not Authorized”.

<sasl>

<mechanisms>PLAIN</mechanisms>

</sasl>

Is there something I am missing? Can you recommend another windows client that I can use to get around this?

Thanks.

Im a little lost here- a bunch of people replied to my response, but none were the original author. If you are “still” having a problem, please start a new thread and post your whole problem, or at least indicate what your full problem is if directly related to this one.

slushpuppy: http://www.igniterealtime.org/community/thread/28776

thanks!

I could understand. It’s hard to get hold of a security expert

This has been worked-around in im.pidgin.pidgin revision f6430c7013d08f95c60248eeb22c752a0107499b. This will most likely be libpurple / pidgin 2.4.0 and will be included in Adium 1.2.

It would be nice for the work-around to be made unnecessary by the Java SASL library being fixed

Cheers,

Evan <www.adiumx.com>

Jay,

Do you know if it was ever determined what the source of the problem was?

Ilan