cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6577
Views
0
Helpful
4
Replies

CUPS and 3rd party XMPP clients

jpapillon
Level 1
Level 1

Hello,

CUPS allows third party XMPP clients. We tested it with Pidgin on Windows, IM+ on iOS.

Now, how can we ensure that password are not send "in the clear", but protected by TLS or at least by hashing ?

Regards.

J.Ph Papillon

4 Replies 4

josepaulopetry
Level 1
Level 1

Wireshark?

stlevy
Level 1
Level 1

3rd party xmpp clients will use SASL plain to authenicate with CUP. The password will be sent base64 encoded to CUP. However, to fully secure the client, it should also use TLS when also using SASL plain.

Steve

We have CUCM 10.0 and CUPS 10.0 installed inhouse and I am writing a XMPP client using Matrix XMPP API to connect to CUPS. It always failed on sasl authehtication:

SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >

RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >

RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">

  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls">

    <required />

  </starttls>

</stream:features>

SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="cucm10.local" version="1.0" >

RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en-US.UTF-8" id="295BA5170E" from="cucm10.local" version="1.0" >

RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">

  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">

    <mechanism>PLAIN</mechanism>

    <mechanism>CISCO-VTG-TOKEN</mechanism>

  </mechanisms>

</stream:features>

SEND: <auth mechanism="CISCO-VTG-TOKEN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcmlkPWpvc2llbEBjdWNtMTAubG9jYWwAdG9rZW49YWJjZA==</auth>

RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">

  <temporary-auth-failure />

</failure>

RECV: </stream:stream>

SEND: </stream:stream>

this is configured on CUCM 10.0

The end user userid: JosieL

Password: abcd

pin: 1234

XMPP domain: cucm10.local


I tried to use both "abcd" and "1234" to construct the sasl string in this format. None of them works for me:

JosieL@cucm10.local\01234 or JosieL@cucm10.local\0abcd in base64 format

Can anyone tell me what the problem is? I have been struggling with this issue for a couple of days.

Any help is appreciated

This community does not provide technical support and is not staffed with technical support experts. I recommend you post this and future technical support questions to the Cisco Support Community (https://supportforums.cisco.com/index.jspa) where our Cisco technical support experts provide assistance. Another option is to open a ticket with the Cisco Technical Assistance Center (www.cisco.com/go/support) to get expert debugging assistance.


We hope to hear from you again.

Kelli Glass

Moderator for the Cisco Collaboration Community

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: