07-04-2012 05:32 AM - edited 03-19-2019 05:11 AM
Hello,
CUPS allows third party XMPP clients. We tested it with Pidgin on Windows, IM+ on iOS.
Now, how can we ensure that password are not send "in the clear", but protected by TLS or at least by hashing ?
Regards.
J.Ph Papillon
07-05-2012 09:49 AM
Wireshark?
07-12-2012 06:36 AM
3rd party xmpp clients will use SASL plain to authenicate with CUP. The password will be sent base64 encoded to CUP. However, to fully secure the client, it should also use TLS when also using SASL plain.
Steve
06-08-2014 05:00 PM
We have CUCM 10.0 and CUPS 10.0 installed inhouse and I am writing a XMPP client using Matrix XMPP API to connect to CUPS. It always failed on sasl authehtication:
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls">
<required />
</starttls>
</stream:features>
SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>PLAIN</mechanism>
<mechanism>CISCO-VTG-TOKEN</mechanism>
</mechanisms>
</stream:features>
SEND: <auth mechanism="CISCO-VTG-TOKEN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcmlkPWpvc2llbEBjdWNtMTAubG9jYWwAdG9rZW49YWJjZA==</auth>
RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<temporary-auth-failure />
</failure>
RECV: </stream:stream>
SEND: </stream:stream>
this is configured on CUCM 10.0
The end user userid: JosieL
Password: abcd
pin: 1234
XMPP domain: cucm10.local
I tried to use both "abcd" and "1234" to construct the sasl string in this format. None of them works for me:
JosieL@cucm10.local\01234 or JosieL@cucm10.local\0abcd in base64 format
Can anyone tell me what the problem is? I have been struggling with this issue for a couple of days.
Any help is appreciated
06-09-2014 11:01 AM
This community does not provide technical support and is not staffed with technical support experts. I recommend you post this and future technical support questions to the Cisco Support Community (https://supportforums.cisco.com/index.jspa) where our Cisco technical support experts provide assistance. Another option is to open a ticket with the Cisco Technical Assistance Center (www.cisco.com/go/support) to get expert debugging assistance.
We hope to hear from you again.
Kelli Glass
Moderator for the Cisco Collaboration Community
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide