[SR-Users] Sync nonce between various servers

[Andreas Granig]

Hi,

There are lots of parameters controlling the creation of nonce values on
a server, and I'm curious if there is a way to kind of "sync" them
between servers.

The use case would be to have a UA send for example its registration to
Proxy1. Proxy1 would challenge it, UA will send the registration again,
this time with credentials. Proxy1 would look up the user based on
$au/$ar in the subscriber table, and if it's not found, will look up the
responsible proxy from another table (with key being $au@$ar), forward
it to Proxy2, which then would be able authenticate the user.

The reason for this is that the auth credentials are unique across all
servers and reliably identify a user, whereas for example From could be
something else (e.g. in case of an IP-PBX sending a CLI in the
From-userpart).

Challenging the user on the second proxy again would theoretically be
possible, but if the UA gets a 401 twice (once from Proxy1, once from
Proxy2), it'll most likely pop up a password form for soft-clients, so I
want to avoid that.

Any ideas how to accomplish that?

Andreas



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121119/a75756c8/attachment.pgp>