I just noticed that my SIP phone sends authentication credentials for ACK and BYE in a session where the INVITE required authentication credentials. I recognize this as a good thing... but it also surprised me.
Currently, I don't handle it in my openser.cfg... I neither ask for the credentials nor do I strip them off before passing the message down the line... other than for INVITE.
I'm going to correct this in my config, and I thought it worth mentioning for others just in case others also hadn't considered it.
-mark
Hi Mark,
as far as I remember, the RFC says the sequential requests should not be authenticated and they should be trusted based on their dialog matching.
regards, bogdan
Mark Kent wrote:
I just noticed that my SIP phone sends authentication credentials for ACK and BYE in a session where the INVITE required authentication credentials. I recognize this as a good thing... but it also surprised me.
Currently, I don't handle it in my openser.cfg... I neither ask for the credentials nor do I strip them off before passing the message down the line... other than for INVITE.
I'm going to correct this in my config, and I thought it worth mentioning for others just in case others also hadn't considered it.
-mark
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Bogdan-Andrei Iancu -
Mark Kent