[SR-Users] Sync nonce between various servers

David J david at styleflare.com
Mon Nov 19 14:54:59 CET 2012


Is the database shared? If so maybe when they authenticate add a secure
token to the header that the second proxy can use for auth?

Just a suggestion not sure if its the answer your looking for or perhaps I
didn't understand the scenario well enough.
On Nov 19, 2012 7:53 AM, "Andreas Granig" <agranig at sipwise.com> wrote:

> Hi,
>
> There are lots of parameters controlling the creation of nonce values on
> a server, and I'm curious if there is a way to kind of "sync" them
> between servers.
>
> The use case would be to have a UA send for example its registration to
> Proxy1. Proxy1 would challenge it, UA will send the registration again,
> this time with credentials. Proxy1 would look up the user based on
> $au/$ar in the subscriber table, and if it's not found, will look up the
> responsible proxy from another table (with key being $au@$ar), forward
> it to Proxy2, which then would be able authenticate the user.
>
> The reason for this is that the auth credentials are unique across all
> servers and reliably identify a user, whereas for example From could be
> something else (e.g. in case of an IP-PBX sending a CLI in the
> From-userpart).
>
> Challenging the user on the second proxy again would theoretically be
> possible, but if the UA gets a 401 twice (once from Proxy1, once from
> Proxy2), it'll most likely pop up a password form for soft-clients, so I
> want to avoid that.
>
> Any ideas how to accomplish that?
>
> Andreas
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121119/9f10e400/attachment-0001.htm>


More information about the sr-users mailing list