Bogdan,
from my humble understanding so far there might be an easier way than to follow the entire dialog.
As far as I understand RFC3261 section 22.3 second paragraph, all authorisation challenges by the UAS should be forwarded to the originating UAC. The current intention of the uac-module is however to catch the 401/407 challenge of the UAS in the failure_route and answer on the UACs behalf. The UAC receives nothing and does therefore not increase the cseq value. That way the problem of the non-matching cseq numbers occurs. The RFC explicitly mentions this problem in paragraph 3.
It appears to me that one could indeed forward the 401/407 challenge to the UAC, hoping that the UAC knows how to answer such challenge, and modify the UACs proxy-authorisation credentials response on the way back to the UAS. The credentials which need to be modified can be identified by the realm.
In essence, whenever openser receives such proxy-authorisation credentials on an INVITE where the realm matches any of the realms stored in openser and also the call-id matches that of the forwarded challenge then these credentials are modified and relayed to the UAS.
So all what one would need would be some method similar to uac_auth which does not add crednetials but modifyies credentials when there is a match with stored credentials.
Would that be doable or am I "jumping" too quickly here ?
Cheers
Gerry
----- Original Message ----- From: "Bogdan-Andrei Iancu" bogdan@voice-system.ro To: "G.Jacobsen" g_jacobsen@yahoo.co.uk Cc: users@openser.org Sent: Tuesday, May 30, 2006 10:42 AM Subject: [Bulk] Re: [Users] uac_auth cseq workaround - ANY ?
Hi Gerry,
not incrementing the cseq number during authentication is a known limitation of the uac module. A solution will require dialog persistence on server (cseq number spreads across the entire dialog) - and this is only in the early stages....:( I'm afraid there is no work around....
regards, bogdan
G.Jacobsen wrote:
Hello,
I am trying to use the uac_auth function against an asterisk box and receive 488 not acceptable here.
It appears that this is not due to a media problem since the client which is routed through openser can issue an authenticated invite without problems when registered directly with the asterisk box - with exactly the the same media settings.
So I supect that this 488 message is due to the fact that openser does not increase the cseq during authentication causing asterisk to issue a 488 after the correct response to the challenge.
What are my workaround options to authenticate openser against asterisk (or any other RFC compliant proxy) ?
ANY practical hints would be highly appreciated.
TIA for your help.
Gerry
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
___________________________________________________________ The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html