[Users] qop authentication support

Klaus Darilion klaus.mailinglists at pernau.at
Tue Dec 5 14:26:25 CET 2006

Klaus Darilion wrote:
> Hi!
> Reading openser's docs about qop, it looks like openser supports qop.
> turning qop on with www_challenge("", "1") activates the qop parameter:
> WWW-Authenticate: Digest realm="foo.bar", 
> nonce="457553154ed7b9d93effa4118b4fe21f11b7f887", qop="auth".
> Openser advertises only qop=auth. Looking at the source code I get the 
> impression that auth-int is supported too. How can this be activated?

 From Rfc 3261 how it looks like:

       WWW-Authenticate: Digest

I guess it should be easy to add this to the auth module. I think it 
will be useful to allow exact specification of the qop parameter with a 
bitmask, e.g:

www_challenge("", "1"): qop="auth"
www_challenge("", "2"): qop="auth-int"
www_challenge("", "3"): qop="auth,auth-int"

Further, I think it can be useful to extend www_authorize (and the 
radius functions) to return different return codes depending on the 
authentication problem (e.g. cnonce counter problem, ....).

Further, does someone have any experience how clients handle qop=auth 
and qop=auth-int?


Klaus Darilion

More information about the Users mailing list