18 May
2019
18 May
'19
5:21 p.m.
Hi ppl,
Noticed BYE requests relayed from caller to callee have the
*Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is the
callee gets to see caller's authentication credentials.
Thanks.
18 May
18 May
5:26 p.m.
New subject: BYE relays Digest and others in Proxy-Authorization header
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the
*Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using
remove_hf function.
-- Juha
5:31 p.m.
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consum…
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh(a)tutpro.com> wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the
*Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication
credentials.
You can remove all unwanted headers from in-dialog requests using
remove_hf function.
-- Juha
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
5:44 p.m.
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if
need (or not) to do the same for other methods that carry authentication
headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-b…
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas(a)gmail.com> wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consum…
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh(a)tutpro.com> wrote:
Sergiu Pojoga writes:
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Noticed BYE requests relayed from caller to callee have the
*Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication
credentials.
You can remove all unwanted headers from in-dialog requests using
remove_hf function.
-- Juha
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
7:07 p.m.
Some update.
I'll have to see in time if this is ok, but for now
* remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
has_credentials("mydomain"))* statement WITHINDLG route seems to do
the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga <pojogas(a)gmail.com> wrote:
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if
need (or not) to do the same for other methods that carry authentication
headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-b…
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas(a)gmail.com> wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consum…
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh(a)tutpro.com> wrote:
Sergiu Pojoga writes:
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Noticed BYE requests relayed from caller to callee have the
*Proxy-Authorization* header including *Digest*, *nonce* and
*response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication
credentials.
You can remove all unwanted headers from in-dialog requests using
remove_hf function.
-- Juha
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
19 May
19 May
2:40 p.m.
After authentication, you always need to consume the credentials, as
pointed out. There’s a function specifically for that.
Check out the default-installed config, you’ll see it being used there.
David
On Sat, 18 May 2019 at 17:08, Sergiu Pojoga <pojogas(a)gmail.com> wrote:
Some update.
I'll have to see in time if this is ok, but for now
* remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
has_credentials("mydomain"))* statement WITHINDLG route seems to do
the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga <pojogas(a)gmail.com> wrote:
--
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if
need (or not) to do the same for other methods that carry authentication
headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-b…
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas(a)gmail.com> wrote:
Kamailio (SER) - Users
Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consum…
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh(a)tutpro.com> wrote:
_______________________________________________ Sergiu Pojoga writes:
>
> Noticed BYE requests relayed from caller to callee have the
> *Proxy-Authorization* header including *Digest*, *nonce* and
*response*.
>
> Is that by SIP definition or am I doing something wrong? My concern
is the
> callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using
remove_hf function.
-- Juha
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
7:41 p.m.
Hi David,
Not sure if you read the entire thread, the question was specifically for
in-dialog subsequent requests. Even in the default config, *route[AUTH]* is
right after *route[WITHINDLG]*, so I highly doubt re-Invites, BYEs and
other in-dialogs are stripped of authentication credentials.
Correct me if I'm wrong.
Cheers.
On Sun, May 19, 2019 at 7:41 AM David Villasmil <
david.villasmil.work(a)gmail.com> wrote:
After authentication, you always need to consume the
credentials, as
pointed out. There’s a function specifically for that.
Check out the default-installed config, you’ll see it being used there.
David
On Sat, 18 May 2019 at 17:08, Sergiu Pojoga <pojogas(a)gmail.com> wrote:
Some update.
I'll have to see in time if this is ok, but for now
* remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
has_credentials("mydomain"))* statement WITHINDLG route seems to do
the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga <pojogas(a)gmail.com> wrote:
--
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if
need (or not) to do the same for other methods that carry authentication
headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-b…
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas(a)gmail.com> wrote:
Kamailio (SER) - Users
Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consum…
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh(a)tutpro.com> wrote:
> Sergiu Pojoga writes:
> >
> > Noticed BYE requests relayed from caller to callee have the
> > *Proxy-Authorization* header including *Digest*, *nonce* and
> *response*.
> >
> > Is that by SIP definition or am I doing something wrong? My concern
> is the
> > callee gets to see caller's authentication credentials.
>
> You can remove all unwanted headers from in-dialog requests using
> remove_hf function.
>
> -- Juha
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
2020
days inactive
2021
days old
6 comments
4 participants
participants (4)
-
Aqs Younas -
David Villasmil -
Juha Heinanen -
Sergiu Pojoga