Asterisk & Google Talk with application-specific passwords

asterisk google talk

Not long ago when I was travelling, I had to use my Gmail account to access some info I needed printed. I had no choice but to use an Internet cafe. This left me feeling rather uncomfortable, I really don’t like using publicly available computers, you never know what combination of malware/spyware/any-other-god-only-knows-what-ware these have on them.

After I was back at home I decided to switch on two-factor authentication on my Google account – this way I would significantly increase security of my account and next time I have to use my email on a public computer I won’t have nightmares afterwards! I am not going to get into too much details of what this involves, however part of the process is to generate an application-specific password for all the applications you use.

For weeks everything seemed to work ok, but then I noticed that after compiling and installing a new version of Asterisk, it would start crashing after a few seconds. A quick look at the logs indicated that the reason behind it was pointing at Google Talk, or rather jabber which runs things in the background. As I don’t use Google Talk too much, at the time I managed to get rid of the crash issue by compiling even newer version of Asterisk (version 1.8.17.0). I knew that the jabber problems had something to do with the recently activated two-factor authentication, but did not investigate the issue too much at the time.

Finally I had a chance to take a quick look at the logs to see what was the problem. I had to activate debugging first to see more details.

[email protected]:~$ sudo asterisk -rvvvvv
asteriskbox*CLI> jabber set debug on

Quick look at the logs showed the following:

< auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>YW0zcmlnMCJ0aGlzaXNub3RyZWFsbHlteXBhc3N3b3JkIgo=< / auth >
< failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl" >< not-authorized/ >< /failure >

A little bit of research indicated that the above is transmitted as an encoded string using base64 – this could definitely help as I could easily decode it to see what is actually transmitted and potentially get to the bottom of the problem! So after a few more minutes I had a command which could help me read it, great!

echo YW0zcmlnMCJ0aGlzaXNub3RyZWFsbHlteXBhc3N3b3JkIgo= | base64 -d

This indicated that the string transmitted to google talk was as follows:

am3rig0″thisisnotreallymypassword”

Only then I realised where the problem was! As the application-specific passwords are rather complex (e.g. “abcd dsfs osdi gpel”), I made an assumption that these would have to be placed between double quotes in jabber.conf:

secret=”abcd dsfs osdi gpel”

But this was a very incorrect assumption! As it turns out, the quote signs were used as part of the string used to authenticate with Google Talk. Once I got rid of the “” from jabber.conf, asterisk authenticated as expected.

ubuntubox*CLI> jabber show connections
Jabber Users and their status:
[gtalk] me[at]gmail.com – Connected
—-
Number of users: 1
asteriskbox*CLI>

And there you have it! I have spent lots of time trying to Google for a solution but could not find anything to suggest how to resolve the issue (not even on wiki.asterisk.org), so thought might be useful to write it down! Now you will know how to configure your Asterisk server, when using two-factor authentication with application-specific passwords in your Google account!