Hi ppl,
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is the callee gets to see caller's authentication credentials.
Thanks.
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is the callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.
I now found this article which partially explains my dilemma. https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-by...
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas aqsyounas@gmail.com wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Some update.
I'll have to see in time if this is ok, but for now * remove_hf("Proxy-Authorization")* in a *if (from_uri == myself && has_credentials("mydomain"))* statement WITHINDLG route seems to do the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga pojogas@gmail.com wrote:
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-by...
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas aqsyounas@gmail.com wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and
*response*.
Is that by SIP definition or am I doing something wrong? My concern is
the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
After authentication, you always need to consume the credentials, as pointed out. There’s a function specifically for that. Check out the default-installed config, you’ll see it being used there.
David
On Sat, 18 May 2019 at 17:08, Sergiu Pojoga pojogas@gmail.com wrote:
Some update.
I'll have to see in time if this is ok, but for now
- remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
has_credentials("mydomain"))* statement WITHINDLG route seems to do the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga pojogas@gmail.com wrote:
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-by...
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas aqsyounas@gmail.com wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and
*response*.
Is that by SIP definition or am I doing something wrong? My concern
is the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi David,
Not sure if you read the entire thread, the question was specifically for in-dialog subsequent requests. Even in the default config, *route[AUTH]* is right after *route[WITHINDLG]*, so I highly doubt re-Invites, BYEs and other in-dialogs are stripped of authentication credentials.
Correct me if I'm wrong.
Cheers.
On Sun, May 19, 2019 at 7:41 AM David Villasmil < david.villasmil.work@gmail.com> wrote:
After authentication, you always need to consume the credentials, as pointed out. There’s a function specifically for that. Check out the default-installed config, you’ll see it being used there.
David
On Sat, 18 May 2019 at 17:08, Sergiu Pojoga pojogas@gmail.com wrote:
Some update.
I'll have to see in time if this is ok, but for now
- remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
has_credentials("mydomain"))* statement WITHINDLG route seems to do the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga pojogas@gmail.com wrote:
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.
I now found this article which partially explains my dilemma.
https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-by...
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas aqsyounas@gmail.com wrote:
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Sergiu Pojoga writes:
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and
*response*.
Is that by SIP definition or am I doing something wrong? My concern
is the
callee gets to see caller's authentication credentials.
You can remove all unwanted headers from in-dialog requests using remove_hf function.
-- Juha
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337 _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Aqs Younas -
David Villasmil -
Juha Heinanen -
Sergiu Pojoga