"Shoujit Mitra" <[EMAIL PROTECTED]> wrote: > I have a question regarding the implementation of Digest-MD5 authentication > protocol as defined in 'expired' draft "draft-sterman-aaa-sip-00.txt" > As per the everything seems to be perfect other than step-4 in the below > sequence diagram. ...
I would suggest asking the draft authors. > 4. Issue: > At step-4, FreeRADIUS Sever send Access-Accept packet to RADIUS Client, > without the Digest-Authentication Response. Which is what the draft says to do, and which is what works with the Cisco SIP servers which use this protocol. > As per RFC2831: "Using Digest Authentication as a SASL Mechanism" > > RADIUS Server should send a message formatted as follows: > response-auth = "rspauth" "=" response-value Absolutely not. RFC 2831 says nothing at all about RADIUS. > Question: > 1. Hope my understanding of the flow of messages/data is correct. > If not please correct me. It looks fine to me. > 2. If the above flow is correct, is there any plans to make the Digest-Md5 > authentication complaint to rfc2831? Why? It's compliant to the Sterman draft, not to RFC 2831. If the Sterman draft isn't compliant to RFC 2831, then I suggest emailing the authors of that draft, and asking them about it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html