Hi all,
I've modified sample/server and sample/client apps slightly to output
debug info useful during testing. Find below my findings.
All plugins seem to work fine except SRP. Sorry about the stupid
question (I'm a newbie), but how I can test SRP?
Thanks in advance.
Sergio.
---
Test Results
Server side [sample/server]
This product includes software developed by Computing Services
at Carnegie Mellon University (http://www.cmu.edu/computing/).
Built against SASL API version 2.1.25
LibSasl version 2.1.15 by "Cyrus SASL"
Build options: Berkeley DB 5.3.21, OpenSSL 1.0.1c, OpenLDAP 2.4.32
Waiting for incoming connections on all IPv4 and IPv6 addresses ...
Accepted new connection ...
Generating client mechanism list ... 8 mechanisms
Waiting for client mechanism ...
Using mechanism: NTLM
Sending response length: 60
0000 4e 54 4c 4d 53 53 50 00:02 00 00 00 0c 00 0c 00 NTLMSSP.........
0010 30 00 00 00 05 02 02 00:59 59 59 59 59 59 59 59 0.......YYYYYYYY
0020 00 00 00 00 00 00 00 00:00 00 00 00 00 00 00 00 ................
0030 4c 00 4f 00 4e 00 44 00:4f 00 4e 00 L.O.N.D.O.N.
Waiting for client reply ...
Negotiation complete.
Successful authentication 'rosario'
Realm: (NULL)
SSF: 0
Closing connection.
Client side [sample/client]
Receiving capability list ... SRP DIGEST-MD5 OTP CRAM-MD5 NTLM LOGIN PLAIN
ANONYMOUS
Using mechanism: NTLM
Please enter an authentication id: rosario
Password:
Sending response length: 114
0000 4e 54 4c 4d 53 53 50 00:03 00 00 00 00 00 00 00 NTLMSSP.........
0010 40 00 00 00 18 00 18 00:40 00 00 00 0c 00 0c 00 @.......@.......
0020 58 00 00 00 0e 00 0e 00:64 00 00 00 00 00 00 00 X.......d.......
0030 72 00 00 00 00 00 00 00:72 00 00 00 05 02 00 00 r.......r.......
0040 20 7c 7d 71 06 35 b4 a6:20 07 2e a8 1f b7 6d c4 |}q.5.. .....m.
0050 7f 32 88 89 da f0 1f 8c:4c 00 4f 00 4e 00 44 00 .2......L.O.N.D.
0060 4f 00 4e 00 72 00 6f 00:73 00 61 00 72 00 69 00 O.N.r.o.s.a.r.i.
0070 6f 00 o.
Successful authentication.
Closing connection.
<... another test using OTP ...>
Server Side
Accepted new connection ...
Generating client mechanism list ... 8 mechanisms
Waiting for client mechanism ...
Using mechanism: OTP
Sending response length: 22
0000 6f 74 70 2d 6d 64 35 20:34 39 33 20 6c 6f 33 35 otp-md5 493 lo35
0010 39 39 20 65 78 74 99 ext
Waiting for client reply ...
Negotiation complete.
Successful authentication 'rosario'
Realm: (NULL)
SSF: 0
Closing connection.
Client side
Receiving capability list ... SRP DIGEST-MD5 OTP CRAM-MD5 NTLM LOGIN PLAIN
ANONYMOUS
Please enter an authentication id: rosario
Please enter an authorization id: rosario
Password:
Using mechanism: OTP
Sending response length: 20
0000 68 65 78 3a 39 35 62 38:39 30 35 31 31 64 39 31 hex:95b890511d91
0010 33 34 35 64 345d
Successful authentication.
Closing connection.
<... another test using DIGEST-MD5 ...>
Server Side
Accepted new connection ...
Generating client mechanism list ... 8 mechanisms
Waiting for client mechanism ...
Using mechanism: DIGEST-MD5
Sending response length: 178
0000 6e 6f 6e 63 65 3d 22 58:56 31 64 58 56 31 64 58 nonce="XV1dXV1dX
0010 56 31 64 58 56 31 64 58:56 31 64 58 56 31 64 58 V1dXV1dXV1dXV1dX
0020 56 31 64 58 56 31 64 58:56 31 64 58 56 31 64 58 V1dXV1dXV1dXV1dX
0030 56 30 3d 22 2c 72 65 61:6c 6d 3d 22 6c 6f 6e 64 V0=",realm="lond
0040 6f 6e 22 2c 71 6f 70 3d:22 61 75 74 68 2c 61 75 on",qop="auth,au
0050 74 68 2d 69 6e 74 2c 61:75 74 68 2d 63 6f 6e 66 th-int,auth-conf
0060 22 2c 63 69 70 68 65 72:3d 22 72 63 34 2d 34 30 ",cipher="rc4-40
0070 2c 72 63 34 2d 35 36 2c:72 63 34 2c 64 65 73 2c ,rc4-56,rc4,des,
0080 33 64 65 73 22 2c 6d 61:78 62 75 66 3d 32 30 34 3des",maxbuf=204
0090 38 2c 63 68 61 72 73 65:74 3d 75 74 66 2d 38 2c 8,charset=utf-8,
00a0 61 6c 67 6f 72 69 74 68:6d 3d 6d 64 35 2d 73 65 algorithm=md5-se
00b0 73 73 ss
Waiting for client reply ...
Sending response length: 40
0000 72 73 70 61 75 74 68 3d:65 61 66 33 30 36 65 34 rspauth=eaf306e4
0010 34 32 34 39 38 31 64 62:62 37 32 35 65 63 34 64 424981dbb725ec4d
0020 38 63 66 34 39 34 63 37: 8cf494c7
Waiting for client reply ...
Negotiation complete.
Successful authentication 'rosario'
Realm: (NULL)
SSF: 0
Closing connection.
Client side
Receiving capability list ... SRP DIGEST-MD5 OTP CRAM-MD5 NTLM LOGIN PLAIN
ANONYMOUS
Using mechanism: DIGEST-MD5
Please enter an authentication id: rosario
Please enter an authorization id: rosario
Password:
Sending response length: 228
0000 75 73 65 72 6e 61 6d 65:3d 22 72 6f 73 61 72 69 username="rosari
0010 6f 22 2c 72 65 61 6c 6d:3d 22 6c 6f 6e 64 6f 6e o",realm="london
0020 22 2c 6e 6f 6e 63 65 3d:22 58 56 31 64 58 56 31 ",nonce="XV1dXV1
0030 64 58 56 31 64 58 56 31:64 58 56 31 64 58 56 31 dXV1dXV1dXV1dXV1
0040 64 58 56 31 64 58 56 31:64 58 56 31 64 58 56 31 dXV1dXV1dXV1dXV1
0050 64 58 56 30 3d 22 2c 63:6e 6f 6e 63 65 3d 22 58 dXV0=",cnonce="X
0060 56 31 64 58 56 31 64 58:56 31 64 58 56 31 64 58 V1dXV1dXV1dXV1dX
0070 56 31 64 58 56 31 64 58:56 31 64 58 56 31 64 58 V1dXV1dXV1dXV1dX
0080 56 31 64 58 56 31 64 58:56 30 3d 22 2c 6e 63 3d V1dXV1dXV0=",nc=
0090 30 30 30 30 30 30 30 31:2c 71 6f 70 3d 61 75 74 00000001,qop=aut
00a0 68 2c 64 69 67 65 73 74:2d 75 72 69 3d 22 72 63 h,digest-uri="rc
00b0 6d 64 2f 6c 6f 6e 64 6f:6e 22 2c 72 65 73 70 6f md/london",respo
00c0 6e 73 65 3d 37 39 34 63:61 32 62 65 32 62 37 38 nse=794ca2be2b78
00d0 32 61 39 36 65 35 35 33:36 34 38 38 62 64 37 34 2a96e5536488bd74
00e0 37 61 62 61 7aba
Sending null response ...
Successful authentication.
Closing connection.
<... another test using SRP ...>
Server Side
Accepted new connection ...
Generating client mechanism list ... 8 mechanisms
Waiting for client mechanism ...
Using mechanism: SRP
Sending response length: 786
0000 00 00 03 0e 00 01 00 ac:6b db 41 32 4a 9a 9b f1 ........k.A2J...
0010 66 de 5e 13 89 58 2f af:72 b6 65 19 87 ee 07 fc f.^..X/.r.e.....
0020 31 92 94 3d b5 60 50 a3:73 29 cb b4 a0 99 ed 81 1..=.`P.s)......
0030 93 e0 75 77 67 a1 3d d5:23 12 ab 4b 03 31 0d cd ..uwg.=.#..K.1..
0040 7f 48 a9 da 04 fd 50 e8:08 39 69 ed b7 67 b0 cf .H....P..9i..g..
0050 60 95 17 9a 16 3a b3 66:1a 05 fb d5 fa aa e8 29 `....:.f.......)
0060 18 a9 96 2f 0b 93 b8 55:f9 79 93 ec 97 5e ea a8 .../...U.y...^..
0070 0d 74 0a db f4 ff 74 73:59 d0 41 d5 c3 3e a7 1d .t....tsY.A..>..
0080 28 1e 44 6b 14 77 3b ca:97 b4 3a 23 fb 80 16 76 (.Dk.w;...:#...v
0090 bd 20 7a 43 6c 64 81 f1:d2 b9 07 87 17 46 1a 5b . zCld.......F.[
00a0 9d 32 e6 88 f8 77 48 54:45 23 b5 24 b0 d5 7d 5e .2...wHTE#.$..}^
00b0 a7 7a 27 75 d2 ec fa 03:2c fb db f5 2f b3 78 61 .z'u....,.../.xa
00c0 60 27 90 04 e5 7a e6 af:87 4e 73 03 ce 53 29 9c `'...z...Ns..S).
00d0 cc 04 1c 7b c3 08 d8 2a:56 98 f3 a8 d0 c3 82 71 ...{...*V......q
00e0 ae 35 f8 e9 db fb b6 94:b5 c8 03 d8 9f 7a e4 35 .5...........z.5
00f0 de 23 6d 52 5f 54 75 9b:65 e3 72 fc d6 8e f2 0f .#mR_Tu.e.r.....
0100 a7 11 1f 9e 4a ff 73 00:01 02 10 3c 3c 3c 3c 3c ....J.s....<<<<<
0110 3c 3c 3c 3c 3c 3c 3c 3c:3c 3c 3c 01 00 9e da e8 <<<<<<<<<<<.....
0120 f5 ef 10 13 32 5c da 24:f8 80 ad 9c 21 16 60 91 ....2\.$....!.`.
0130 2b e5 1e 12 dd 68 c1 71:c5 ca 6d b8 73 0e 85 d0 +....h.q..m.s...
0140 a1 2c 11 82 a1 5b d5 32:11 5c 4a 16 3d 9c 1a 3e .,...[.2.\J.=..>
0150 8a 23 80 c8 57 24 6c fd:13 b2 6c a3 ea f5 58 59 .#..W$l...l...XY
0160 0e a5 8e 7f 8b 8d b8 ab:4a 7f bd 06 4c db bb 71 ........J...L..q
0170 29 d8 7a 82 ea d2 ea 5a:99 82 62 6a b3 d6 46 83 ).z....Z..bj..F.
0180 52 67 31 4e 8b 9a b2 ea:62 89 ac f8 f7 a8 10 4b Rg1N....b......K
0190 24 77 02 ff 1a 43 84 76:55 c1 4b 8f 98 eb ab 48 $w...C.vU.K....H
01a0 9f ce 5e 52 cc 45 c6 04:bb 5f 57 2e 97 3a 01 43 ..^R.E..._W..:.C
01b0 4b e4 5f b3 18 f3 af 97:93 f2 eb e8 48 c9 18 74 K._.........H..t
01c0 83 83 2d eb 19 7e 00 04:2e 12 77 e5 19 11 84 6c ..-..~....w....l
01d0 4e 76 a7 ef 45 df d5 3e:d4 de 8d 0e dd 21 ec e5 Nv..E..>.....!..
01e0 66 e5 c3 11 91 d3 23 ef:e8 33 79 41 ca 8e 78 06 f.....#..3yA..x.
01f0 39 ec f1 a6 f5 b0 c6 ff:72 60 ad 72 3a 9f 4e b3 9.......r`.r:.N.
0200 1a 16 34 90 b2 b3 28 f7:81 ba 93 be 51 00 36 bf ..4...(.....Q.6.
0210 9e 4a f5 c1 ad d6 bb fe:a9 4e 64 6d 3d 00 f3 6d .J.......Ndm=..m
0220 64 61 3d 53 48 41 2d 31:2c 72 65 70 6c 61 79 5f da=SHA-1,replay_
0230 64 65 74 65 63 74 69 6f:6e 2c 69 6e 74 65 67 72 detection,integr
0240 69 74 79 3d 48 4d 41 43:2d 53 48 41 2d 31 2c 69 ity=HMAC-SHA-1,i
0250 6e 74 65 67 72 69 74 79:3d 48 4d 41 43 2d 52 49 ntegrity=HMAC-RI
0260 50 45 4d 44 2d 31 36 30:2c 69 6e 74 65 67 72 69 PEMD-160,integri
0270 74 79 3d 48 4d 41 43 2d:4d 44 35 2c 63 6f 6e 66 ty=HMAC-MD5,conf
0280 69 64 65 6e 74 69 61 6c:69 74 79 3d 44 45 53 2c identiality=DES,
0290 63 6f 6e 66 69 64 65 6e:74 69 61 6c 69 74 79 3d confidentiality=
02a0 33 44 45 53 2c 63 6f 6e:66 69 64 65 6e 74 69 61 3DES,confidentia
02b0 6c 69 74 79 3d 41 45 53:2c 63 6f 6e 66 69 64 65 lity=AES,confide
02c0 6e 74 69 61 6c 69 74 79:3d 42 6c 6f 77 66 69 73 ntiality=Blowfis
02d0 68 2c 63 6f 6e 66 69 64:65 6e 74 69 61 6c 69 74 h,confidentialit
02e0 79 3d 43 41 53 54 2d 31:32 38 2c 63 6f 6e 66 69 y=CAST-128,confi
02f0 64 65 6e 74 69 61 6c 69:74 79 3d 49 44 45 41 2c dentiality=IDEA,
0300 6d 61 78 62 75 66 66 65:72 73 69 7a 65 3d 32 30 maxbuffersize=20
0310 34 38 48
Waiting for client reply ...
Performing SASL negotiation: authentication failure
Closing connection.
Client side
Receiving capability list ... SRP DIGEST-MD5 OTP CRAM-MD5 NTLM LOGIN PLAIN
ANONYMOUS
Please enter an authentication id: rosario
Please enter an authorization id: rosario
Password:
Using mechanism: SRP
Sending response length: 311
0000 00 00 01 33 01 00 38 ce:43 ff 48 ae 87 24 ea e8 ...3..8.C.H..$..
0010 65 95 ee 34 6c b7 49 c1:d4 13 d0 b2 00 63 5c 85 e..4l.I......c\.
0020 93 86 27 cb f1 b7 d7 ec:26 3c bf fb 37 b0 59 c0 ..'.....&<..7.Y.
0030 50 30 a8 be b4 09 a4 3c:b6 b0 11 9a a6 0d ce 61 P0.....<.......a
0040 ad 3d 5f 99 24 09 1b a2:c8 63 39 8a e8 2d 40 ed .=_.$....c9..-@.
0050 a8 1f 2b 44 3f c9 c6 9c:8f 76 a7 4e a8 66 e1 2a ..+D?....v.N.f.*
0060 1a b3 06 93 ab 45 59 a7:3d d4 e8 d4 69 9d 1f 8e .....EY.=...i...
0070 e0 90 bc d5 14 67 ea c0:ac 3a 08 40 04 65 2e c8 .....g...:.@.e..
0080 48 16 32 41 6a 9a 9a 66:77 3a e4 c2 0f 2b 8a be H.2Aj..fw:...+..
0090 a8 20 cf 18 44 dd 5b 69:cb 7b b1 b1 b9 64 ab 89 . ..D.[i.{...d..
00a0 0a 74 b3 a1 5a d8 e6 58:71 c9 4b ee 36 2a 85 9b .t..Z..Xq.K.6*..
00b0 52 52 a1 42 49 e9 0c e9:61 d4 0e dd 3f 0b 53 1d RR.BI...a...?.S.
00c0 b8 3b cf 99 fb 2b 90 8e:d5 41 c1 3f 75 ff af 66 .;...+...A.?u..f
00d0 a6 cd 04 26 46 90 43 29:87 96 92 8f 43 15 04 99 ...&F.C)....C...
00e0 15 c2 8e 24 71 2b b1 fe:3d 71 3e 00 ed 62 42 dd ...$q+..=q>..bB.
00f0 99 0e 8c da 5e 31 e7 7c:6a 61 32 57 c1 14 80 69 ....^1.|ja2W...i
0100 14 df 51 c9 8e 75 14 2b:e5 ad 24 dd f8 60 91 93 ..Q..u.+..$..`..
0110 e7 9d fa 25 49 06 f2 d1:6d cd b7 00 09 6d 64 61 ...%I...m....mda
0120 3d 53 48 41 2d 31 10 5e:5e 5e 5e 5e 5e 5e 5e 5e =SHA-1.^^^^^^^^^
0130 5e 5e 5e 5e 5e 5e 5e ^^^^^^^
Authentication failed.
Closing connection.