Services:XMPP:SASL downgrade

From Kosmos Wiki
Revision as of 13:31, 17 February 2020 by Greg (talk | contribs) (Add a page about the SASL downgrade)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

We are in the process of switching over the accounts to use LDAP. This page was created in order to document a warning that will occur on some clients after we enable LDAP authentication. The LDAP implementation in ejabberd doesn't support SASL authentication.

The implication is that the user does not send a salted & hashed password to ejabberd, so the ejabberd process has access to a user's password and sends it over to the LDAP server to authenticate. This is considered PLAIN auth, even when both the XMPP c2s connection and the LDAP connect using TLS.

Some clients will display a warning because they detect that the auth used to be done with SASL, but not any longer. The most common one is Conversations, the Android client.

How to accept the warning in Conversations

In Conversations you can accept the warning by pressing "Accept" in the account details, that appears where the "Save" button is normally. [1]

  1. No (obvious?) way to accept SASL downgrade
Retrieved from "https://wiki.kosmos.org/index.php?title=Services:XMPP:SASL_downgrade&oldid=667"