Bogdan,
from my humble understanding so far there might be an easier way than to
follow the entire dialog.
As far as I understand RFC3261 section 22.3 second paragraph, all
authorisation challenges by the UAS should be forwarded to the originating
UAC. The current intention of the uac-module is however to catch the 401/407
challenge of the UAS in the failure_route and answer on the UACs behalf. The
UAC receives nothing and does therefore not increase the cseq value. That
way the problem of the non-matching cseq numbers occurs. The RFC explicitly
mentions this problem in paragraph 3.
It appears to me that one could indeed forward the 401/407 challenge to the
UAC, hoping that the UAC knows how to answer such challenge, and modify the
UACs proxy-authorisation credentials response on the way back to the UAS.
The credentials which need to be modified can be identified by the realm.
In essence, whenever openser receives such proxy-authorisation credentials
on an INVITE where the realm matches any of the realms stored in openser and
also the call-id matches that of the forwarded challenge then these
credentials are modified and relayed to the UAS.
So all what one would need would be some method similar to uac_auth which
does not add crednetials but modifyies credentials when there is a match
with stored credentials.
Would that be doable or am I "jumping" too quickly here ?
Cheers
Gerry
----- Original Message -----
From: "Bogdan-Andrei Iancu" <bogdan(a)voice-system.ro>
To: "G.Jacobsen" <g_jacobsen(a)yahoo.co.uk>
Cc: <users(a)openser.org>
Sent: Tuesday, May 30, 2006 10:42 AM
Subject: [Bulk] Re: [Users] uac_auth cseq workaround - ANY ?
Hi Gerry,
not incrementing the cseq number during authentication is a known
limitation of the uac module. A solution will require dialog persistence
on server (cseq number spreads across the entire dialog) - and this is
only in the early stages....:(
I'm afraid there is no work around....
regards,
bogdan
G.Jacobsen wrote:
Hello,
I am trying to use the uac_auth function against an asterisk box and
receive 488 not acceptable here.
It appears that this is not due to a media problem since the client
which is routed through openser can issue an authenticated invite
without problems when registered directly with the asterisk box - with
exactly the the same media settings.
So I supect that this 488 message is due to the fact that openser does
not increase the cseq during authentication causing asterisk to issue
a 488 after the correct response to the challenge.
What are my workaround options to authenticate openser against
asterisk (or any other RFC compliant proxy) ?
ANY practical hints would be highly appreciated.
TIA for your help.
Gerry
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
___________________________________________________________
The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet
provider.
http://uk.docs.yahoo.com/nowyoucan.html