Can't connect from iChat: incorrect password

16 posts / 0 new
Last post
Can't connect from iChat: incorrect password


I'm trying to login to my test Tigase server though iChat, but it tells me that my login ID or password is incorrect. However, logging in using PSI works fine.

I have tried running the server both on my local Mac OS X system, and on a remote Linux system, with the same effect. I have tried both admin and non admin accounts, and tried different virtual hosts, and all have the same issue.

Any suggestions?




I hate to give answers like this - it works for me. But it really does. Could you please register an account for you on the and try to connect to the account using either Psi or iChat?

What exact error message is displayed by iChat? Maybe it can not find a server? Check: iChat -> Preferences -> Accounts -> Server Settings. Make sure the server address is correct if this is your local installation.
If you register an account on the (it needs my approval) then you have to provide following configuration settings in iChat:
Description: Whatever you like
Jabber ID:
Password: your website password
Server Settings:
Server: your server address
Port: 5222

Let me know if that helped or contact me if you have more detailed error description.



Thanks for your response. Connecting to my new account on works fine! The exact error message when I connect to my server is:

iChat can't log in to [mydomain] because your login ID or password is incorrect.

I enter the password, but the message keeps repeating.

I am using the default "dummy" certificate, so in fact before this there is a message how the certificate is not trusted. Could this be the issue?



I also notice that the, and the server are at the same ip address. However, my setup is different, they are on different servers and so different ip addresses. Could that somehow be an issue?


Hm, as long as you accept the dummy certificate it shouldn't cause any problems. I have just installed the Tigase server on my laptop and tried connecting to the server using admin account.
In fact, the first attempt failed but the second worked well.
One more thing you might want to check is whether you use all lower case characters when entering you account name and domain. It this is what causes the problem then this is a bug in the Tigase, so please let me know.

Hm, just checked, there is indeed a problem with character case. I have to fix it on the server side as this is a bug. In the meantime, please make sure you use all lower case characters to login to the server. (And create an account using all lower case characters too.)

After thinking for a while, I think this is actually a bug in the iChat rather then the Tigase server. This is the client duty to make sure it sends the username in correct character case to the server.
I may add kind of workaround on the server side but generally the Tigase should not bother about it.

That can be an issue indeed but the error message should be different. It should say something host not accessible or something. Anyway, assuming this is an issue:

Let's say you want to have jabber ID in the domain ''. But under this address is your website and you have the XMPP server on a different server accessible at the address: ''.

This can be solved in following ways:

  1. You configure your account in the client putting JID: '', (in iChat) uncheck "Automatically find server and port" and enter your XMPP server address in the "Server:" field: ''. All other clients have similar configuration options.
  2. Another way is to configure SRV records in DNS service for your domain. You can use SRV DNS records to point to any address for XMPP service for your domain.

I hope this helps, although I do not think this is an issue in your case as you can connect with Psi and cannot using iChat. The most likely cause might be if you used mixed character case in your username in iChat. Psi automatically converts all characters to lowercase.



Thanks for your comments. However, I've got the SRV records setup, so I've not needed to enter the actual location of the name (and that seems to work for PSI, and at least a limited amount in iChat, as it does attempt to connect to the correct server).

Also, no username, or password, has any uppercase letters, so I don't think that that is the issue.

Could it be authentication type? How would I investigate this issue? Would the logs help?



What the Tigase server version do you use? What database do you use?

One of possible ways to debug this is to open XML Console under Psi and see what authentication mechanism is used. As far as I know on the service only plain text password is enabled. Maybe iChat has problems with different mechanisms.

I have installed the last Tigase version (5.0.0 final) locally on my macbook with default database settings and everything works fine with iChat. Unless I can replicate the problem somehow I cannot help too much.

Another way to debug the problem is to enable debugging in the Tigase in the file:


and then there should be something in the log file. At least you can compare whether there are any differences between authentication when Psi connects and iChat connects.

I guess you have the most recent iChat version updated with the Mac OSX?


Ah: I can't find the final version at . I'm running 5.0.0-b213
I've looked in the log files... I'm not entirely sure what's going on, but it looks like it's trying to do a DIGEST-MD5 authentication, but failing for some reason.
How can I only allow plain text authentication? I've added the line
to the file as suggested by , but according to the Psi XML console, the server is still sending a full list of possible authentication mechanisms:



Version 5.0.0-b2135 is the final one. ('b' stands for build not for beta).
The sasl-mechs property works only with tigase-custom authentication connector. If you use a default one, then this setting is ignored. In such a case I think, the best way to debug this is to enable debug mode on the server and look into log files.
It really works for me, so maybe this is just a configuration mistake or network settings problem. If your installation is somewhere, available from the internet, I can have a look at it. If you are interested, please use the contact form and send me a message with some connection details.


(I've sent you a message with connection details: Thanks!)

I realise that when I was testing my local installation with iChat, I actually setup SRV records to point to host whose A record pointed to my local computer. So

- Using imac.local works fine with iChat
- Using [mydomain].com did not, and experienced the problem I described in the first post.

(Sorry about this confusion)

I've found where someone had difficulties with DIGEST-MD5 and SRV records.



I've just created a virtual host in Tigase, which is the actual location of the server (no SRV records involved)

JIDs, such as *do* work in iChat. But JIDs such as, where has SRV records to point to, don't (or at least I can't get them to)



I'm having the same problem with both iChat and the currently released version of Adium. The latest beta version of Adium works fine too.
Pidgin, psi et al work fine.

In xmpp libraries, openfire etc I've seen ichat specific fixes, as it seems it's not the most compliant client out there. Anyway what do you need from me to fix it?
I can send you logs etc but really want to see this resolved?


Ivan, I think this is quite old topic. I am not sure if anybody else is looking at it. However I think that the fix for iChat not properly using SRV records would be good in any case.