[Serusers] MD5 Authentication Question

Jan Janak jan at iptel.org
Thu Nov 25 21:01:12 CET 2004


The algorithm seems to be correct; check the contents of the subscriber
table to make sure that you have username admin with realm iptel.org and
password heslo there.

Also make sure that you have the calculate_ha1 parameter uncommented in the
configuration file of SER. If you do not use the parameter, then SER will
use the ha1 column instead; that column contains MD5(A1), and that string may
be built using a different realm (a common source of problems). If unsure,
use the calculate_ha1 parameter.

  Jan.

On 22-11 19:18, Andrew Ho wrote:
> Hi all,
> 
> I'm trying to implement MD5 digest authentication in my SIP client to
> register with SER, and I sent and received:
> 
> REGISTER sip:10.0.0.113:6060 SIP/2.0
> Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2
> From:
> <sip:VoiceGenie at 10.0.0.113:6060>;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3
> To: <sip:VoiceGenie at 10.0.0.113:6060>
> Max-Forwards: 70
> CSeq: 1 REGISTER
> Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1 at 205.150.90.93:5060
> Contact: <sip:VoiceGenie at 205.150.90.93:5060>;expires=60
> Content-Length: 0
> 
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK0167f788a27be2
> From:
> <sip:VoiceGenie at 10.0.0.113:6060>;tag=AB7327E9-BD62-46F5-F2A0-55C60D2C15A3
> To:
> <sip:VoiceGenie at 10.0.0.113:6060>;tag=224edcece75971e271cb292defd4983a.bf0d
> CSeq: 1 REGISTER
> Call-ID: ED2DD8A5-2A10-40F6-5BA1-27F0DE4456D1 at 205.150.90.93:5060
> WWW-Authenticate: Digest realm="iptel.org",
> nonce="41a27b3b6184801b57dba727f73804c29f91f1b3"
> Server: Sip EXpress router (0.8.14 (i386/linux))
> Content-Length: 0
> Warning: 392 10.0.0.113:6060 "Noisy feedback tells:  pid=9455
> req_src_ip=205.150.90.93 req_src_port=5060 in_uri=sip:10.0.0.113:6060
> out_uri=sip:10.0.0.113:6060 via_cnt==1"
> 
> 
> Following RFC 2617,
> A1 = admin:iptel.org:heslo
> (where SER's default username:password pair "admin:heslo" is used, with
> realm="iptel.org")
> A2 = REGISTER:sip:10.0.0.113:6060
> (where method="REGISTER" and digest-url="sip:10.0.0.113:6060" which agrees
> with request URI, and note that SER is running at 10.0.0.113, port = 6060)
> 
> Response was calculated as
> MD5( MD5(A1):nonce:MD5(A2) )
> 
> And my new REGISTER msg is:
> REGISTER sip:10.0.0.113:6060 SIP/2.0
> Via: SIP/2.0/UDP 205.150.90.93:5060;branch=z9hG4bK01683cc0a27be2
> From:
> <sip:VoiceGenie at 10.0.0.113:6060>;tag=A1C28CFF-9D16-47DD-059A-0E8F88F7F4AE
> To: <sip:VoiceGenie at 10.0.0.113:6060>
> Max-Forwards: 70
> CSeq: 2 REGISTER
> Call-ID: 30EB6AEA-9A88-4D34-1E92-5050F566665B at 205.150.90.93:5060
> Contact: <sip:VoiceGenie at 205.150.90.93:5060>;expires=60
> Content-Length: 0
> Authorization: Digest username="admin", realm="iptel.org",
> nonce="41a27b3b6184801b57dba727f73804c29f91f1b3", uri="sip:10.0.0.113:6060",
> response="55a3888ff8ff7e8a9b31e38091effe21"
> 
> But I still get another 401 Unauthorized response ...
> I'm pretty sure my A1 is correct. Could it be my A2, where method shouldn't
> be REGISTER? Or maybe the digest-uri is wrong?
> 
> Thank you in advance.
> Andrew Ho
