cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

5944
Views
0
Helpful
4
Replies
Highlighted
Beginner

CUPS and 3rd party XMPP clients

Hello,

CUPS allows third party XMPP clients. We tested it with Pidgin on Windows, IM+ on iOS.

Now, how can we ensure that password are not send "in the clear", but protected by TLS or at least by hashing ?

Regards.

J.Ph Papillon

Everyone's tags (3)
4 REPLIES 4
Beginner

Re: CUPS and 3rd party XMPP clients

Wireshark?

Beginner

Re: CUPS and 3rd party XMPP clients

3rd party xmpp clients will use SASL plain to authenicate with CUP. The password will be sent base64 encoded to CUP. However, to fully secure the client, it should also use TLS when also using SASL plain.

Steve

Beginner

Re: CUPS and 3rd party XMPP clients

We have CUCM 10.0 and CUPS 10.0 installed inhouse and I am writing a XMPP client using Matrix XMPP API to connect to CUPS. It always failed on sasl authehtication:

SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >

RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >

RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">

  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls">

    <required />

  </starttls>

</stream:features>

SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >

RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >

RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">

  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">

    <mechanism>PLAIN</mechanism>

    <mechanism>CISCO-VTG-TOKEN</mechanism>

  </mechanisms>

</stream:features>

SEND: <auth mechanism="CISCO-VTG-TOKEN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcmlkPWpvc2llbEBjdWNtMTAubG9jYWwAdG9rZW49YWJjZA==</auth>

RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">

  <temporary-auth-failure />

</failure>

RECV: </stream:stream>

SEND: </stream:stream>

this is configured on CUCM 10.0

The end user userid: JosieL

Password: abcd

pin: 1234

XMPP domain: cucm10.local


I tried to use both "abcd" and "1234" to construct the sasl string in this format. None of them works for me:

JosieL@cucm10.local\01234 or JosieL@cucm10.local\0abcd in base64 format

Can anyone tell me what the problem is? I have been struggling with this issue for a couple of days.

Any help is appreciated

Rising star

Re: CUPS and 3rd party XMPP clients

This community does not provide technical support and is not staffed with technical support experts. I recommend you post this and future technical support questions to the Cisco Support Community (https://supportforums.cisco.com/index.jspa) where our Cisco technical support experts provide assistance. Another option is to open a ticket with the Cisco Technical Assistance Center (www.cisco.com/go/support) to get expert debugging assistance.


We hope to hear from you again.

Kelli Glass

Moderator for the Cisco Collaboration Community

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here