On Thursday 22 May 2008, Ahmed Huraimel wrote:
i am investigating the authentication on openSER. I search for a proper explanations but unfortunately i did not find how it is exactly done so i did some experiments. i assumed that the response is generated as the following: note that i set the username and password with the same string "alali"
Response = MD5( username + MD5(password) + realm + nonce) [..] could anyone tell me how exactly the authentication is done in openSER? is the response generated is like the one i assumed? what + means in the response? does is mean concatenation or exoring?
Hi Ahmed,
the authentification in OpenSER/ SIP is based on HTTP auth. You find a detailed explanation for the construction of the response for example at: http://en.wikipedia.org/wiki/Digest_access_authentication , some further informations at: http://www.voip-info.org/wiki/view/SIP+Authentication
For the exact logic inside OpenSER just take a look at the auth module source code, it should be not that hard to understand. ;-)
Cheers,
Henning