Re: [Sip-implementors] Regarding authentication

Wed, 24 Jan 2007 16:00:35 -0800 

I'm far from sure, but I think it may be possible for a forking proxy to 
get 407 responses from multiple forks, and to combine the 
Proxy-Authenticate headers into a single 407 response. If this were 
done, then a retry that contains two Proxy-Authorization headers could 
fork and succeed on both forks.

        Paul

[EMAIL PROTECTED] wrote:
> But as per Section 3.3 flow of RFC 3665, second 407 contains only one 
> Proxy-authenticate header and not two headers, so how will UA know that he 
> has to send two Proxy-Authorization headers in INVITE message.
> 
> Am I missing something?
> 
> 
> 
> 
> "Attila Sipos" <[EMAIL PROTECTED]> 
> 01/24/2007 05:26 PM
> 
> To
> Udit Goyal/C/IN/[EMAIL PROTECTED], "SIP Implementors" 
> <[email protected]>
> cc
> 
> Subject
> RE: [Sip-implementors] Regarding authentication
> 
> 
> 
> 
> 
> 
> yes, you can have multiple Proxy-Authenticate headers.
> 
> You might be able to store the response provided the challenge
> hasn't changed.  I'm not sure.
> 
> But you could definitely just recalculate both authentication
> responses (so you wouldn't have to store anything).
> For the user being challenged you'd just have separate
> passwords for each realm ( I assume the Proxy-Authenticate
> headers would have different realms)
> 
> Regards,
> 
> Attila
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of 
> [EMAIL PROTECTED]
> Sent: Wed 24/01/2007 19:51
> To: SIP Implementors
> Cc:
> Subject: [Sip-implementors] Regarding authentication
> 
> 
> 
> Hi,
> 
> Can UAC receive 407 response with multiple Proxy-authenticate headers?
> 
> As per RFC 3665 Section 3.3. flow, for multiple proxy authentication flow,
> when proxy 2 challenges the request, proxy 1 sends 407 back to UAC with
> only one Proxy-authenticate header containing the challenge of only proxy
> 2.
> 
> Is it responsibility of UAC to store the previous Proxy-Authorization that
> it sent to proxy 1, and when it receives 407 again from proxy1 with
> different challenge, sends the collated invite with both authorization
> headers.
> 
> Regards,
> Udit
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
> 
> 
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
> 
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors

Reply via email to