[OpenSER-Users] Authentication problem in openSER
Henning Westerholt
henning.westerholt at 1und1.de
Fri May 23 10:57:56 CEST 2008
On Thursday 22 May 2008, Ahmed Huraimel wrote:
> i am investigating the authentication on openSER. I search for a proper
> explanations but unfortunately i did not find how it is exactly done so i
> did some experiments. i assumed that the response is generated as the
> following: note that i set the username and password with the same string
> "alali"
>
> Response = MD5( username + MD5(password) + realm + nonce)
> [..]
> could anyone tell me how exactly the authentication is done in openSER? is
> the response generated is like the one i assumed? what + means in the
> response? does is mean concatenation or exoring?
Hi Ahmed,
the authentification in OpenSER/ SIP is based on HTTP auth. You find a
detailed explanation for the construction of the response for example at:
http://en.wikipedia.org/wiki/Digest_access_authentication , some further
informations at: http://www.voip-info.org/wiki/view/SIP+Authentication
For the exact logic inside OpenSER just take a look at the auth module source
code, it should be not that hard to understand. ;-)
Cheers,
Henning
More information about the sr-users
mailing list