Radius experience... was Re: [Serusers] "Best practice" document
Greger V. Teigre
greger at teigre.com
Mon Feb 21 16:44:33 CET 2005
Yeah, but the nonce expiry time is included in the reponse to the
client, so it will know whether the nonce has expired or not. I
believe it is grandstream 100 that has showed this behavior, but only
for a certain firmware or combination of settings, haven't been able
to nail it down.
g-)
> Klaus Darilion wrote:
>> Greger V. Teigre wrote:
>>
>>> BTW, makes me recall another thing we have seen: Some UAs
>>> actually do two auths against the DB every time a registration
>>> arrives. Once for the first INVITE (which receives an "auth
>>> required") and then another time with a new nonce. I think it has
>>> something to do with the UA including the old credentials in the
>>> first INVITE even though the nonce has expired and an auth must be
>>> done to verify that the credentials are incorrect. Have you seen
>>> this behavior? g-)
>>
>> Yes, I've seen this once but can't remember which client it was. IMO
>> it is a good idea to include the credentials (from the last nonce) in
>> all requests. If the nonce is still valid, this avoids the second
>> request with the credentials. On the other hand, it increases traffic
>> on the authentication servers. Don't know whats better :-)
>>
>> regards,
>> klaus
More information about the sr-users
mailing list