Le 23 avr. 2014 à 09:50, Daniel-Constantin Mierla <miconda@gmail.com> a écrit :

However, SIP RFC enforces www digest authentication and it is what all the phones I am aware of in the wild support now.

Thanks for all this informations.

That explain me why all SIP product I see on the market have this really big issue of requiring a distinct PIN code for SIP account.

As a sys admin who maintain a unique identity for all enterprise services, it’s hard to accept to make an exception for SIP…

I don’t understand how it's possible to end up on a RFC like that…

The good point for me is, on OS X Server, I’ve a private API who can provide me DIGEST challenge, so something is possible. But for my FreeBSD based server, I’m stuck…



TLS authentication is harder to deploy in SMB. That mean a internal CA and a overhead to ensure that each client certificate are well secured.


The solution of BASIC authentication over TLS connection (with certificate only on the server) is widely used by HTTPS based software or event e-mail protocols to allow add-on services to be connected to existing directory services without requiring access to clear text password.


Cheers,
Yoann