> >
> > Could I add the "Supported" and "ms-keep-alive" portions of that
> > header?
> 
> Sure, SIPTAG_SUPPORTED_STR("gruu-10, adhoclist"),
> SIPTAG_HEADER_STR("ms-keep-alive: uac;hop-hop=yes")
> 

Great!

> 
> You need 3 request-responses for authentication? Or should we include
> something in the first REGISTER. Nua should retry with new
> auc_authorize results if auc_challenge returns something > 0.
> 


Yes, there are 3 request-response pairs for a typical OCS authentication
handshake.  I don't believe we can put anything in the first REGISTER
because the server keeps track of REGISTERs and since it's the first one
I don't believe it will return a challenge in gssapi-data.

Here's the basic auth flow:


. REGISTER (no Authorization header)

. 401 Response (with 2 WWW-Authenticate headers - NTLM and Kerberos)

. re-REGISTER with an empty gssapi-data param:
    Authorization: NTLM qop="auth", realm="SIP Communications Service",
    targetname="myocs.domain.local", gssapi-data=""

. 401 Response with an NTLM challenge in the gssapi-data param
  - This challenge is parsed (Base 64 decoded) and used as a nonce in
    creating the NTLM authenticate message

. re-REGISTER with a Base 64 encoded NTLM authenticate message

. 200 response


I'm thinking about just creating a ca_ocs_ntlm_plugin because this type
of authorization is probably very different than a typical digest, or
regular NTLM authorization.

> > Oh, another thing, should sip->sip_www_authenticate->au_next contain
> > the next WWW-Authenticate header if there are multiple authenticate
> > headers? Because in my case the NTLM header is the only one in the
> > sip pointer; au_next is null.
> 
> Yes, if there are several WWW-Authenticate challenges they are linked
> via au_next.
> 

For some reason the NTLM WWW-Authenticate header is the only one that it
finds.  The Kerberos header is not in the au_next.  Any reason why this
would be the case?

_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
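
The second 401 in the flow above (NTLM challenge in the gssapi-data param), as an added example that is not part of the original message or of sofia-sip: it Base64-decodes gssapi-data and validates the result before extracting the 8-byte server challenge. The names `ocs_ntlm_challenge`, `b64_decode` and `SAMPLE_401` are hypothetical, the sample header is constructed, and the offsets assume the standard NTLM type 2 layout (signature, message type, target name fields, flags, challenge at byte 24).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: header value from the second 401, carrying a minimal
 * 32-byte type 2 message with server challenge 01 23 45 67 89 AB CD EF. */
const char SAMPLE_401[] =
    "NTLM realm=\"SIP Communications Service\", "
    "targetname=\"myocs.domain.local\", "
    "gssapi-data=\"TlRMTVNTUAACAAAAAAAAAAAAAAAAAAAAASNFZ4mrze8=\"";

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Base64-decode n chars into out (capacity cap); byte count, or -1 on error. */
static long b64_decode(const char *in, size_t n, uint8_t *out, size_t cap) {
    uint32_t acc = 0;
    size_t o = 0;
    int bits = 0;
    for (size_t i = 0; i < n && in[i] != '='; i++) {
        const char *q = in[i] ? strchr(B64, in[i]) : NULL;
        if (!q) return -1;                      /* not in the alphabet */
        acc = (acc << 6) | (uint32_t)(q - B64);
        if ((bits += 6) >= 8) {
            if (o == cap) return -1;            /* would overflow out[] */
            bits -= 8;
            out[o++] = (uint8_t)(acc >> bits);
        }
    }
    return (long)o;
}

/* Hypothetical helper: copy the server challenge out of gssapi-data.
 * Returns 0 on success, 1 if gssapi-data is empty, -1 if it is absent or not
 * a well-formed type 2 message. The param name is matched case-sensitively. */
int ocs_ntlm_challenge(const char *hdr, uint8_t challenge[8]) {
    static const char key[] = "gssapi-data=\"";
    uint8_t msg[1024];
    const char *p = strstr(hdr, key), *end;
    if (!p) return -1;
    p += sizeof key - 1;
    if (!(end = strchr(p, '"'))) return -1;     /* unterminated quoted value */
    if (end == p) return 1;                     /* nothing to decode yet */
    long len = b64_decode(p, (size_t)(end - p), msg, sizeof msg);
    if (len < 32) return -1;                    /* fixed fields end at byte 32 */
    if (memcmp(msg, "NTLMSSP", 8) != 0) return -1;  /* signature incl. NUL */
    if (msg[8] != 2 || msg[9] || msg[10] || msg[11]) return -1; /* LE type 2 */
    memcpy(challenge, msg + 24, 8);
    return 0;
}
```

The length, signature and message-type checks run before any offset is read, so a truncated or non-NTLM gssapi-data value is rejected instead of being used as a nonce.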
