[Serusers] cisco 7960 authentication failure

Jan Janak jan at iptel.org
Wed Sep 10 13:55:27 CEST 2003


One more thing, ./gen_ha1 generates HA1 string (see rfc2617), this is
not the response, but the response is calculated from it.

  Jan.

On 10-09 13:53, Jan Janak wrote:
> >  itodenwa> ./gen_ha1 jakob schlyter.net ser2003
> >  5e860120544c1454fee11f18b334e4ed
> > 
>  
>    You must use ./gen_ha1 jakob at schlyter.net schlyter.net ser2003 to get
>    the same hash.
> 
>    The reason is that you have realm in the username. A user agent that
>    sent the credentials above also calculate the response using
>    "jakob at schlyter.net" as username so you must do the same.
> 
>    BTW you don't have to put @chlyter.net into the username, it is not
>    mandatory, you can use just "jakob".
> 
>    The reason why do we handle this special case (realm in username) is
>    that there are some user agents which put this into username
>    automatically and it can't be switched off. Also, realm parameter in
>    the credentials is not protected by the hash so from time to time
>    people prefer to include the realm into the username parameter which
>    is protected by the hash.
> 
>       Jan.
> 
>    
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list