[Serusers] cisco 7960 authentication failure
Jan Janak
jan at iptel.org
Wed Sep 10 13:55:27 CEST 2003
One more thing, ./gen_ha1 generates HA1 string (see rfc2617), this is
not the response, but the response is calculated from it.
Jan.
On 10-09 13:53, Jan Janak wrote:
> > itodenwa> ./gen_ha1 jakob schlyter.net ser2003
> > 5e860120544c1454fee11f18b334e4ed
> >
>
> You must use ./gen_ha1 jakob at schlyter.net schlyter.net ser2003 to get
> the same hash.
>
> The reason is that you have realm in the username. A user agent that
> sent the credentials above also calculate the response using
> "jakob at schlyter.net" as username so you must do the same.
>
> BTW you don't have to put @chlyter.net into the username, it is not
> mandatory, you can use just "jakob".
>
> The reason why do we handle this special case (realm in username) is
> that there are some user agents which put this into username
> automatically and it can't be switched off. Also, realm parameter in
> the credentials is not protected by the hash so from time to time
> people prefer to include the realm into the username parameter which
> is protected by the hash.
>
> Jan.
>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list