[OpenSER-Users] Proxy Authorization - Two Digests

Klaus Darilion klaus.mailinglists at pernau.at
Fri Apr 25 09:41:09 CEST 2008



Iñaki Baz Castillo schrieb:
> El Viernes, 25 de Abril de 2008, Ash Rah escribió:
>> Hi,
>>
>> On initial INVITEs, both OpenSER and Asterisk send separate nonce and
>> X-Lite then sends back two different digests in a single following INVITE :
>>
>> Proxy-Authorization: Digest
>> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848
>> 484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit
>> hm=MD5.
>>
>>
>> Proxy-Authorization: Digest
>> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f
>> 977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response
>> ="361700cce632c00ff70ede5e5126c6ac",algo
>>
>> The first one is for asterisk, (realm="asterisk") and the second one is
>> for OpenSER. But unfortunately OpenSER probably examines the first
>> digest which causes failed Proxy Authorization.
>>
>> Is it possible to instruct OpenSER to inspect both of the digests before
>> it makes a decision?
> 
> Yes, but you must specify it, try this:
> 
> if (!proxy_authorize("sip.dummydomain.com","subscriber")) {
>                         proxy_challenge("","0");
>                         exit;
> }
> 
> 
> Do you understand? if "proxy_authorize" has an empty first parameter then 
> OpenSer tries to authenticate against a realm paramenter that the client 
> sends in the first "Proxy-Authorization" header.

Shouldn't the realm be derived from the To/From header?

regards
klaus





More information about the sr-users mailing list