hello all, <br><br>i am investigating the authentication on openSER. I search for a proper explanations but unfortunately i did not find how it is exactly done so i did some experiments. i assumed that the response is generated as the following: note that i set the username and password with the same string "alali"<br>
<br>Response = MD5( username + MD5(password) + realm + nonce)<br><br>and in the openser.cfg i tell the server to take the username from the header and set the password from the username since the username and the password are the same (only for testing).<br>
<br>TEST1: setting modparam("auth", "calculate_ha1", 1) and telling the server to expect a clear password<br>$avp(s:username) = $fU;<br>$avp(s:password) = $fU;<br><br>IT WORKS <br><br>TEST2:setting modparam("auth", "calculate_ha1", 0) and telling the server to expect a hashed password<br>
$avp(s:username) = $fU;<br>
$avp(s:password) = $(fU{s.md5});<br><br>IT DOES NOT WORK<br><br><br>could anyone tell me how exactly the authentication is done in openSER? is the response generated is like the one i assumed? what + means in the response? does is mean concatenation or exoring?<br>
<br>if(!pv_www_authorize(""))<br> {<br> www_challenge(""/*realm*/,"0"/*qop*/);<br> exit;<br> }<br> if (!save("location"))<br>
sl_reply_error();<br> sl_send_reply("200", "ok");<br> exit; <br>