processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Server doesn't support any of the requested SASL mechanisms #4117

Open itzzengay opened 7 months ago

itzzengay commented 7 months ago

Before creating a ticket, please consider if this should fit the discussion forum better.

Environment

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

```yaml
hosts:
  - plus.st
host_config:
  "plus.st":
    sql_type: pgsql
    sql_server: "localhost"
    sql_database: "ejabberd_production"
    sql_username: "ejabberd"
    sql_password: "[dbpass]"
    auth_method: [sql]
    auth_password_format: scram
    auth_scram_hash: sha512
loglevel: info
certfiles:
  - /etc/ejabberd/.cert/muc.plus.st.crt
  - /etc/ejabberd/.cert/muc.plus.st.key
  - /etc/ejabberd/.cert/plus.st.crt
  - /etc/ejabberd/.cert/plus.st.key
  - /etc/ejabberd/.cert/proxy.plus.st.crt
  - /etc/ejabberd/.cert/proxy.plus.st.key
  - /etc/ejabberd/.cert/pubsub.plus.st.crt
  - /etc/ejabberd/.cert/pubsub.plus.st.key
  - /etc/ejabberd/.cert/xmpp.plus.st.crt
  - /etc/ejabberd/.cert/xmpp.plus.st.key
listen:
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  - port: 5223
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    tls: true
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
    shaper: s2s_shaper
s2s_use_starttls: required
acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback
api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number
shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000
shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: https://@HOST@:5443/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"
  mod_last: {}
  mod_mam:
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      mam: true
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false
```

Errors from error.log/crash.log

No errors

Bug description

With this basic config, running a compliance test via https://compliance.conversations.im returns:

Server doesn't support any of the requested SASL mechanisms: [SCRAM-SHA-1, DIGEST-MD5, GSSAPI, CRAM-MD5, PLAIN, ANONYMOUS].

with no errors in ejabberd log

licaon-kter commented 7 months ago

Change auth_scram_hash: sha512 to sha1 ?

itzzengay commented 7 months ago

sha1 is invalid, assuming sha

results in the same error

licaon-kter commented 7 months ago

So you've set up auth_scram_hash: sha and reload_config and it still fails with the exact same error message?

Ok, can you unregister, then register again the test user?

Neustradamus commented 7 months ago

@prefiks: Can you look here?

prefiks commented 7 months ago

You will need to change password of users you created (stored password will be using sha512, and they aren't compatible with sha1 authentication), you can use ejabberdctl change_password username your.domain newpassword

licaon-kter commented 7 months ago

Recreating the user has the same effect :)

itzzengay commented 7 months ago

I have had sha512 work before, and I would like to keep using it. This is a different problem.

For example: using plain authentication does not work, I still get the "Server doesn't support any of the requested SASL mechanisms" error

licaon-kter commented 7 months ago

Maybe we are lost in translation?

    auth_password_format: scram
    auth_scram_hash: sha512

...means there's no PLAIN, no SCRAM-SHA-1, no SCRAM-SHA-256 because you set it up like that

If your testing client can't use only PLAIN, if the caas powering the Compliance page can only use SHA-1, then, as expected, they can't login and will fail.

Now, what are you trying to do?
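
An added diagnostic example, not part of the thread and not ejabberd or CaaS code: it parses a `<stream:features/>` element (RFC 6120) and intersects the advertised SASL mechanisms with the list from the error message above. The three feature stanzas and the function names are constructed for illustration, not captured from plus.st.

```python
import xml.etree.ElementTree as ET

STREAMS = "http://etherx.jabber.org/streams"
SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Mechanisms the client asked for, copied from the error message in this thread.
REQUESTED = ["SCRAM-SHA-1", "DIGEST-MD5", "GSSAPI", "CRAM-MD5", "PLAIN", "ANONYMOUS"]

# Constructed samples (not captured from any real server).
HEAD = f"<stream:features xmlns:stream='{STREAMS}'>"
PRE_TLS = HEAD + f"<starttls xmlns='{TLS}'><required/></starttls></stream:features>"
SHA512_ONLY = (HEAD + f"<mechanisms xmlns='{SASL}'>"
               "<mechanism>SCRAM-SHA-512</mechanism></mechanisms></stream:features>")
MIXED = (HEAD + f"<mechanisms xmlns='{SASL}'><mechanism>PLAIN</mechanism>"
         "<mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-512</mechanism>"
         "</mechanisms></stream:features>")


def parse_features(xml_text):
    """Return (advertised SASL mechanisms, STARTTLS offered?) for one features element."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{STREAMS}}}features":
        raise ValueError("not a <stream:features/> element")
    mechs = [m.text.strip() for m in root.iter(f"{{{SASL}}}mechanism") if m.text]
    return mechs, root.find(f"{{{TLS}}}starttls") is not None


def diagnose(xml_text, requested=REQUESTED):
    """Classify why a client would, or would not, find a usable mechanism."""
    offered, starttls = parse_features(xml_text)
    common = [m for m in requested if m in offered]  # keep client preference order
    if common:
        return "ok", common
    if not offered and starttls:
        # Features seen before TLS: nothing to negotiate until STARTTLS completes.
        return "no-mechanisms-before-tls", []
    return "no-overlap", offered


if __name__ == "__main__":
    for name, xml in [("pre-TLS", PRE_TLS), ("sha512-only", SHA512_ONLY), ("mixed", MIXED)]:
        print(name, diagnose(xml))
```

Feeding it the features element a client actually receives separates "the server advertised nothing yet" from "the server advertised mechanisms the client did not request", which the client's error text alone does not distinguish.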

itzzengay commented 7 months ago

sha512 does work with caas, I have tested ejabberd servers using sha512 and scram before and it works without the error it's giving me now.

I temporarily changed the auth_password_format to plain to see if that would change anything, and it did not.

licaon-kter commented 7 months ago

> I temporarily changed the auth_password_format to plain to see if that would change anything, and it did not.

and restarted server and un-registered the test account, then re-registered the test account?

licaon-kter commented 7 months ago

@itzzenxx can you run CaaS locally in debug mode and see the output?

itzzengay commented 7 months ago

How do I run CaaS in debug mode?

licaon-kter commented 7 months ago

java -jar caas-app/target/caas-app.jar --verbose [jid] [password] I guess https://codeberg.org/iNPUTmice/caas

itzzengay commented 7 months ago

```
rocks.xmpp.core.stream.StreamNegotiationException: Server doesn't support any of the requested SASL mechanisms: [SCRAM-SHA-1, DIGEST-MD5, GSSAPI, CRAM-MD5, PLAIN, ANONYMOUS].
    at rocks.xmpp.core.session.AuthenticationManager.startAuthentication(AuthenticationManager.java:114)
    at rocks.xmpp.core.session.XmppClient.login(XmppClient.java:383)
    at rocks.xmpp.core.session.XmppClient.login(XmppClient.java:340)
    at rocks.xmpp.core.session.XmppClient.login(XmppClient.java:312)
    at rocks.xmpp.core.session.XmppClient.login(XmppClient.java:289)
    at im.conversations.compliance.xmpp.TestExecutor.executeTestsFor(TestExecutor.java:54)
    at im.conversations.compliance.CommandLineLauncher.main(CommandLineLauncher.java:76)
```

licaon-kter commented 7 months ago

Can you attach the latest config again?

itzzengay commented 7 months ago

the config for ejabberd is unchanged from my original post

licaon-kter commented 7 months ago

@itzzenxx that one has no PLAIN nor SHA-1

itzzengay commented 7 months ago

I don't want to use PLAIN or SHA-1, I made those temporary modifications to see if that would fix CaaS's error response, but they didn't.

Neustradamus commented 7 months ago

@itzzenxx: Can you publish a ticket here: