I've noted three problems with KPhone (CVS version from 2006-05-29) and
authentication, that are above my ability to fix :
1) If I have saved the wrong password in the configuration file,
KPhone tries to use it at startup for REGISTER but figures out that
it doesn't work so it shows me a dialog box where I can enter the
correct password. This works for the REGISTER, but KPhone does not
use this entered password for subsequent SUBSCRIBEs. For
SUBSCRIBEs, the incorrect password from the configuration file is
still used.
2) KPhone never gives up. If it gets a 401, and send a new request and
get another 401 (not 'stale' or anything), it retries as fast as it
can and never stops. That can create serious load on a SIP server,
and large installations would probably ban KPhone as a client
because it could cause operational harm for the servers.
Not sure exactly how to fix, but to have a counter and stop trying
after three attempts or similar would probably be a good start. Not
retrying if the computed response was exactly the same as the last
one tried also seems like an oviously good thing.
3) Scenario :
UAC (kphone) --- Proxy --- UAS (presence server for example)
If KPhone sends a SUBSCRIBE (for example) and get a 407 from
Proxy, it adds a 'Proxy-Authorization' header. This gets the
request past Proxy, but UAS also wants to authenticate the user
before processing the SUBSCRIBE. It is a server, not a proxy, so
it sends a 401. KPhone gets the 401 and creates a new request with
an 'Authorization' header, BUT NO 'Proxy-Authorization', so the
request gets challenged by Proxy again (with a 407). Lathe, rinse,
repeat.
Even if it can be argued stupid by the proxy-server integrators,
KPhone should just add Authorization headers, so that the request
eventually gets through Proxy and also gets accepted at UAS.
Have a nice weekend
/Fredrik
_______________________________________________
kphone-devel mailing list
kphone-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kphone-devel
