On 10-08 02:11, Klaus Darilion wrote:
SIP allows multiple credentials in one request. These credentials differ
in the realm string. So using the same realm for 2 hops does not work as
long as the hops are not synchronized in producing the nonce. Maybe it
can work if the proxy uses proxy-authentication and the SIPURA uses
www_authentication.
No, the trick with proxy-authentication and www-authentication will
not work. You have to either syncronize the nonce validation or use
distinct realms.
The question is how widely are multiple credentials within a
single SIP message supported in existing implementations. I saw many
implementations that give up after second 401 or 407 even if there is
a new challenge in the reply.
Jan.