Some update.

I'll have to see in time if this is ok, but for now remove_hf("Proxy-Authorization") in a if (from_uri == myself && has_credentials("mydomain")) statement WITHINDLG route seems to do the trick. consume_credentials() for some reason doesn't on in-dialogs.

Cheers.

On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga <pojogas@gmail.com> wrote:

Hi Aqs,

By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.

I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-bye-request

Cheers.

On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas@gmail.com> wrote:
May be you need this.

https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume_credentials

Br, Aqs

On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh@tutpro.com> wrote:
Sergiu Pojoga writes:
>
> Noticed BYE requests relayed from caller to callee have the
> *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
>
> Is that by SIP definition or am I doing something wrong? My concern is the
> callee gets to see caller's authentication credentials.

You can remove all unwanted headers from in-dialog requests using
remove_hf function.

-- Juha

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users