[Serusers] cisco 7960 authentication failure

Jakob Schlyter jakob at rfc.se
Wed Sep 10 07:50:09 CEST 2003


On Wed, 10 Sep 2003, Jan Janak wrote:

>  domain in username attribute must be same as the value of realm
>  attribute.

because of the implementation in ser? I understand this is not the case
for digest authentication in general, no? According to RFC2617, the realm
doesn' even have to be a domain.


anyway, after changing the realm to "" I get the data below. it seems to
me that the internal calculate_ha1 (I use calculate_ha1=1) gets the wrong
hash?

 WWW-Authenticate: Digest realm="schlyter.net",
 nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30", qop="auth"

 Authorization: Digest username="jakob at schlyter.net",realm="schlyter.net",
 uri="sip:schlyter.net",response="3d38e621a815df0c2589656c294b9129",
 nonce="3f5ebb4f2b39fb9cddbaf991430cebc22b0c3d30",cnonce="77390415",
 qop=auth,nc=00000001,algorithm=m

 0(27788) HA1 string calculated: 5e860120544c1454fee11f18b334e4ed
 0(27788) check_response(): Our result = '2544fd772b025e8ce54da191166ea319'

however,

 itodenwa> ./gen_ha1 jakob schlyter.net ser2003
 5e860120544c1454fee11f18b334e4ed


if I run this again, "check_response(): Our result" gives me another value
for the hash - I guess this should stay the same?


	jakob




More information about the sr-users mailing list