Hi ppl,
Noticed BYE requests relayed from caller to callee have the *Proxy-Authorization* header including *Digest*, *nonce* and *response*.
Is that by SIP definition or am I doing something wrong? My concern is the callee gets to see caller's authentication credentials.
Thanks.
May be you need this.
https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume...
Br, Aqs
On Sat, 18 May 2019, 7:26 pm Juha Heinanen, jh@tutpro.com wrote:
Hi Aqs,
By all means I'm doing that for dialog-forming INVITEs, just in doubt if need (or not) to do the same for other methods that carry authentication headers.
I now found this article which partially explains my dilemma. https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-by...
Cheers.
On Sat, May 18, 2019 at 10:32 AM Aqs Younas aqsyounas@gmail.com wrote:
Some update.
I'll have to see in time if this is ok, but for now * remove_hf("Proxy-Authorization")* in a *if (from_uri == myself && has_credentials("mydomain"))* statement WITHINDLG route seems to do the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
Cheers.
On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga pojogas@gmail.com wrote:
After authentication, you always need to consume the credentials, as pointed out. There’s a function specifically for that. Check out the default-installed config, you’ll see it being used there.
David
On Sat, 18 May 2019 at 17:08, Sergiu Pojoga pojogas@gmail.com wrote:
Hi David,
Not sure if you read the entire thread, the question was specifically for in-dialog subsequent requests. Even in the default config, *route[AUTH]* is right after *route[WITHINDLG]*, so I highly doubt re-Invites, BYEs and other in-dialogs are stripped of authentication credentials.
Correct me if I'm wrong.
Cheers.
On Sun, May 19, 2019 at 7:41 AM David Villasmil < david.villasmil.work@gmail.com> wrote:
-
Aqs Younas -
David Villasmil -
Juha Heinanen -
Sergiu Pojoga