XMPP server-to-server SASL handshake
I am trying to connect a server to an XMPP server, using the MD5 Digest SASL handshake. But the XMPP server always rejects my response to the challenge. The RFC says the response should look like:
username="example.org",realm="somerealm",\
nonce="OA6MG9tEQGm2hh",cnonce="OA6MHXh6VqTrRk",\
nc=00000001,qop=auth,digest-uri="xmpp/example.org",\
response=d388dad90d4bbd760a152321f2143af7,charset=utf-8
But the value of response (which I have correctly generated based on the inputs) relies on the username and password. For server-to-server communication, which username and password should it be using? The example.org username in the spec doesn't seem right.
Comments (1)
You've probably solved this by now, but this is for the record. See RFC3920, section 6.1, item 6: "If provision of a 'simple username' is supported by the selected SASL mechanism (e.g., this is supported by the DIGEST-MD5 and CRAM-MD5 mechanisms but not by the EXTERNAL and GSSAPI mechanisms), during authentication the initiating entity SHOULD provide as the simple username its sending domain (IP address or fully qualified domain name as contained in a domain identifier) in the case of server-to-server communications or its registered account name (user or node name as contained in an XMPP node identifier) in the case of client-to-server communications."
At least, that conditionally takes care of the username. The password I couldn't even guess at. I'm writing a client-to-server script, so I'll be using my own gmail username and password, but that isn't likely to work for server-to-server.
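Added example, not part of the original question or answer: a Python sketch of how the DIGEST-MD5 `response` value is derived under RFC 2831 for qop=auth, showing exactly where the username (the sending domain, per the RFC 3920 text quoted above) and the password enter the hash. The function names and the `PLACEHOLDER-SECRET` password are assumptions made for illustration; the page does not say what secret a server-to-server peer would use.

```python
import hashlib
import hmac


def digest_md5_response(username, realm, password, nonce, cnonce,
                        nc, qop, digest_uri, authzid=None):
    """Compute the DIGEST-MD5 'response' directive (RFC 2831, qop=auth)."""
    # ASCII-only inputs assumed; RFC 2831 has extra ISO 8859-1 rules
    # for non-ASCII usernames and passwords that are not handled here.
    enc = lambda s: s.encode("utf-8")
    # A1 begins with the RAW 16-byte MD5 of username:realm:password.
    # Using the hex form here is a common cause of rejected responses.
    a1 = hashlib.md5(enc(f"{username}:{realm}:{password}")).digest()
    a1 += enc(f":{nonce}:{cnonce}")
    if authzid is not None:
        a1 += enc(f":{authzid}")
    # A2 for qop=auth is the literal method name plus the digest-uri.
    a2 = enc(f"AUTHENTICATE:{digest_uri}")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = enc(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hashlib.md5(kd).hexdigest()


def verify_response(received, **fields):
    """Receiving side: recompute from the stored secret, compare in constant time."""
    expected = digest_md5_response(**fields)
    return hmac.compare_digest(expected, received.strip().lower())


# Constructed server-to-server inputs: the username is the sending domain;
# the password is a labelled placeholder, not a value from any spec.
S2S_FIELDS = dict(
    username="example.org", realm="somerealm", password="PLACEHOLDER-SECRET",
    nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
    nc="00000001", qop="auth", digest_uri="xmpp/example.org",
)

if __name__ == "__main__":
    resp = digest_md5_response(**S2S_FIELDS)
    print("response =", resp)
    print("verifies =", verify_response(resp, **S2S_FIELDS))
```

Every directive in the challenge and reply feeds the hash, so a mismatch in realm, digest-uri, or nc produces a rejection just as a wrong username or password does.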