Iñaki Baz Castillo schrieb:
> El Viernes, 25 de Abril de 2008, Ash Rah escribió:
>> Hi,
>>
>> On initial INVITEs, both OpenSER and Asterisk send separate nonce and
>> X-Lite then sends back two different digests in a single following INVITE :
>>
>> Proxy-Authorization: Digest
>> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848
>> [EMAIL PROTECTED]",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit
>> hm=MD5.
>>
>>
>> Proxy-Authorization: Digest
>> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f
>> 977cae40a747d26f7e9c5f",uri="sip:[EMAIL PROTECTED]",response
>> ="361700cce632c00ff70ede5e5126c6ac",algo
>>
>> The first one is for asterisk, (realm="asterisk") and the second one is
>> for OpenSER. But unfortunately OpenSER probably examines the first
>> digest which causes failed Proxy Authorization.
>>
>> Is it possible to instruct OpenSER to inspect both of the digests before
>> it makes a decision?
>
> Yes, but you must specify it, try this:
>
> if (!proxy_authorize("sip.dummydomain.com","subscriber")) {
> proxy_challenge("","0");
> exit;
> }
>
>
> Do you understand? if "proxy_authorize" has an empty first parameter then
> OpenSer tries to authenticate against a realm paramenter that the client
> sends in the first "Proxy-Authorization" header.
Shouldn't the realm be derived from the To/From header?
regards
klaus
_______________________________________________
Users mailing list
[email protected]
http://lists.openser.org/cgi-bin/mailman/listinfo/users
