Description of problem:
Pidgin can't connect to jabber server after update to pidgin-2.4.0-1.fc8

Version-Release number of selected component (if applicable):
pidgin-2.4.0-1.fc8

How reproducible:
Every time I try I get authentication failed.

Steps to Reproduce:
1. Update to version 2.4.0-1.rh8
2. Start pidgin
3. Get error message

Actual results:
Access denied, authentication failure.

Expected results:
Access granted.

Additional info:
If I rebuild the RPM with the attached one-line patch it starts to work again. From the comment in the code just above the changed line, I think the intention of the coder was to do it the way the patch does it.
Created attachment 296886 [details] One line patch that fixes the problem
You think incorrectly, as you'd see if you read the comment right above what you are changing.

What is your JID domain? What do you put in connect server of the advanced tab? Can you provide a debug log from trying to connect to your XMPP server? (Help -> Debug Window, or the output from "pidgin -d")
My jabber ID is ellert and the connect server in the advanced settings is set to portal.nordu.net.

I attach 2 saves from the debug window for connection attempts. One (purple-debug-bad.log) is a log taken using the version in the Fedora RPM, the other (purple-debug-good.log) is taken using the version I compiled with the patch applied.

This is the part of the code (without the patch applied):

    /* host should be used in preference to domain to
     * allow SASL authentication to work with FQDN of the server,
     * but we use domain as fallback for when users enter IP address
     * in connect server */
    if (purple_ip_address_is_valid(host))
        js->serverFQDN = g_strdup(domain);
    else
        js->serverFQDN = g_strdup(host);

As I read the code it says "If the host is valid, then use the domain, otherwise (i.e. if the host is NOT valid) use the host". The comment on the other hand says "Use the host if it is valid, otherwise use the domain".

My patch changes the code (as I read it) to say "If the host is NOT valid, then use the domain, otherwise (i.e. if the host is valid) use the host", which is the equivalent to how I interpret the comment.
Created attachment 297006 [details] Log from fail connection
Created attachment 297007 [details] Log from good connection (with the patch applied)
To clarify what the check is for - it says if this is an *IP address*, then use the domain, otherwise it's a suitable hostname for use in authentication (IP addresses, generally, are not suitable for this).

That server has a FQDN of portal.nordu.net but is configured to only accept DIGEST-MD5 authentication with a digest-uri of "xmpp/nordu.net". Pidgin 2.4.0 now uses connect server as FQDN just as it would use the resolved SRV records if you specified no connect server (SRV records for nordu.net point to portal.nordu.net too).

It is my interpretation of DIGEST-MD5 RFC2831 section 2.1.2 that the digest-uri should be the FQDN of the server (and this is what Cyrus SASL uses except when the workaround to allow specifying an IP address is in place).

If this is an Openfire server and you have any way to communicate with the administrator, you could suggest setting the property xmpp.fqdn to portal.nordu.net.

See also http://developer.pidgin.im/ticket/5008 and http://www.igniterealtime.org/community/thread/31708
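The following is an added example, not part of any comment in this report and not Pidgin or Openfire code: it models the host selection discussed above, the RFC 2831 section 2.1.2.1 response computation, and a server that accepts only one digest-uri. The `server_accepts` check, the realm, the password and the nonces are assumptions constructed for illustration; only the host names and the user name come from the thread.

```python
import hashlib
import ipaddress


def choose_server_fqdn(connect_server: str, domain: str) -> str:
    """Stand-in for the check quoted in the thread: an IP literal in
    "connect server" falls back to the JID domain; a hostname is used as-is."""
    try:
        ipaddress.ip_address(connect_server)
    except ValueError:
        return connect_server  # not an IP address, usable as server FQDN
    return domain


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """response-value per RFC 2831 section 2.1.2.1 (qop=auth, no authzid)."""
    a1 = _md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()  # digest-uri is hashed in here
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()


def server_accepts(digest_uri: str, expected_host: str) -> bool:
    """Hypothetical server-side check that digest-uri names this service."""
    return digest_uri.lower() == f"xmpp/{expected_host}".lower()


def simulate(connect_server: str, domain: str, server_expected_host: str):
    """Return (digest-uri the client sends, whether the server accepts it)."""
    uri = f"xmpp/{choose_server_fqdn(connect_server, domain)}"
    return uri, server_accepts(uri, server_expected_host)


# Constructed credentials and nonces; only the host names come from the thread.
SAMPLE = dict(user="ellert", realm="nordu.net", password="constructed-password",
              nonce="constructed-nonce", cnonce="constructed-cnonce", nc="00000001")

if __name__ == "__main__":
    for expected in ("nordu.net", "portal.nordu.net"):
        uri, ok = simulate("portal.nordu.net", "nordu.net", expected)
        resp = digest_md5_response(digest_uri=uri, **SAMPLE)
        print(f"server expects xmpp/{expected}: client sends {uri} "
              f"response={resp} accepted={ok}")
```

Because the digest-uri is part of A2, a client and server that disagree on the service name can never agree on the response value, which is why the mismatch surfaces as an authentication failure rather than a connection error.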
The server admin has now implemented the workaround in the http://developer.pidgin.im/ticket/5008 report. And I can connect without the patch.
It is my opinion, and that of others [1], that Pidgin is doing the right thing here.

[1] http://logs.jabber.org/jdev@conference.jabber.org/2008-03-20.html#13:02:41