Red Hat Bugzilla – Bug 436124
Pidgin can't connect to jabber server after update
Last modified: 2008-04-22 23:10:52 EDT
Description of problem:
Pidgin can't connect to jabber server after update to pidgin-2.4.0-1.fc8
Version-Release number of selected component (if applicable):
Every time I try I get authentication failed.
Steps to Reproduce:
1. Update to version 2.4.0-1.rh8
2. Start pidgin
3. Get error message
Actual results: Access denied, authentication failure.
Expected results: Access granted.
If I rebuild the RPM with the attached one-line patch it starts to work again.
From the comment in the code just above the changed line, I think the intention
of the coder was to do it the way the patch does it.
Created attachment 296886 [details]
One line patch that fixes the problem
You think incorrectly, as you'd see if you read the comment right above what you
What is your JID domain? what do you put in connect server of the advanced tab?
Can you provide a debug log from trying to connect to your XMPP server? (Help ->
Debug Window, or the output from "pidgin -d")
My jabber ID is email@example.com and the connect server in the advanced settings
is set to portal.nordu.net.
I attach 2 saves from the debug window for connection attempts. One
(purple-debug-bad.log) is a log taken using the version in the Fedora RPM, the
other (purple-debug-good.log) is taken using the version I compiled with the
This is the part of the code (without the patch applied):
/* host should be used in preference to domain to
* allow SASL authentication to work with FQDN of the server,
* but we use domain as fallback for when users enter IP address
* in connect server */
js->serverFQDN = g_strdup(domain);
js->serverFQDN = g_strdup(host);
As I read the code it says "If the host is valid, then use the domain, otherwise
(i.e. if the host is NOT valid) use the host". The comment on the other hand
says "Use the host if it is valid, otherwise use the domain". My patch changes
the code (as I read it) to say "If the host is NOT valid, then use the domain,
otherwise (i.e. if the host is valid) use the host", which is the equivalent to
how I interpret the comment.
Created attachment 297006 [details]
Log from fail connection
Created attachment 297007 [details]
Log from good connection (with the patch applied)
To clarify what the check is for - it says if this is an *IP address*, then use
the domain, otherwise it's a suitable hostname for use in authentication (IP
addresses, generally, are not suitable for this).
That server has a FQDN of portal.nordu.net but is configured to only accept
DIGEST-MD5 authentication with a digest-uri of "xmpp/nordu.net". Pidgin 2.4.0
now uses connect server as FQDN just as it would use the resolved SRV records if
you specified no connect server (SRV records for nordu.net point to
It is my interpretation of DIGEST-MD5 RFC2831 section 2.1.2 that the digest-uri
should be the FQDN of the server (and this is what Cyrus SASL uses except when
the workaround to allow specifying an IP address is in place).
If this is an Openfire server and you have any way to communicate with the
administrator, you could suggest setting the property xmpp.fqdn to portal.nordu.net.
See also http://developer.pidgin.im/ticket/5008 and
The server admin has now implemented the workaround in the
http://developer.pidgin.im/ticket/5008 report. And I can connect without the patch.
It is my opinion, and that of others , that Pidgin is doing the right thing here.