[Serusers] http digest authentication

Greger V. Teigre greger at teigre.com
Tue Oct 3 13:06:47 CEST 2006


The sip-implementors list at Columbia.edu would be more appropriate for 
this question.
Why not look in ser auth module code?
And yes, the algorithm is the same as http digest.
g-)

Holger Kinkelin wrote:
> Hello list!
>
> I wonder how a UAC calculates the response to a 401 "Unauthorized"
> message from a server.
>
> I know that it works much like http digest authentication, but it's
> not exactly the same, since I do NOT have the Quality of Protection
> (qop) value. (Or am I wrong? My assumption is based on the fact that I
> don't see a qop-value in the REGISTER message my kphone sends after
> the 401)
>
> I've written some piece of code that is (in pseudo code) like that:
>
> HA1 = md5(username + ":" + realm + ":" + password)
> HA2 = md5(digestURI)
> response = md5(HA1 + ":" + nonce + ":" + recCounter + ":" + cNonce +
> ":" + qualOfProt + ":" + HA2)
>
> username     = "1000"
> realm        = "192.168.0.31"
> password     = "1000"
> digestURI    = "sip:192.168.0.31" <--- IS THIS CORRECT?? Or is it s.th
> like "REGISTER sip: ..."?
> nonce        = "4520e111333a24d8c4f3d20c6171cc37dfa2be33"
> recCounter   = "00000001"
> cNonce       = "abcdefghi"
> qualOfProt   IS MISSING!
>
> I know that my code is working for "normal" http digest authentication
> but not for "sip digest authentication". So what am I doing wrong?
>
> Thanks for replies in advance!
> Regards,
> Holger
>
>


