Hello, thank you for your response. One of our sites resides in NW of a big provider. There are number of our servers in that site. Each one of these servers has its own "client number" with its own credentials. The provider sends to all of them challenge with the same realm. I can't distinguish credentials by realm, only by user portion of the request URI. So the question is whether some rules exist for authorization or it's Registrar specific implementation who decides about the following scenario:
AA passes registration as Naa. BB isn't registered at all. Then AA sends "301 Moved Permanently" as response to Invite. Contact in 301 is "[EMAIL PROTECTED]". During the call BB invokes a new transaction and receives 407. It responses with Naa credentials. I'd like to use 301 for load balance between non-trusted servers. But if it depends on provider I can't. Thank you again. Sorry if it's a trivial question. Best Regards Masha Dorfman -----Original Message----- From: Scott Lawrence [mailto:[EMAIL PROTECTED] Sent: Thursday, April 14, 2005 3:37 PM To: Masha Dorfman Cc: [email protected] Subject: Re: [Sip-implementors] redirection and authentication interwork On Thu, 2005-04-07 at 12:41 +0300, Masha Dorfman wrote: > Hello, > my question regards authentication dialog during redirected call. > (sorry, if it was already discussed, I didn't find something about this > scenario) > > Let's say there are two servers AA and BB. AA is registered and client sends > to it INVITE. Now AA redirects the call to BB. > Question 1. Should BB also be registered as separate target with own > credentials? Or maybe it depends on Client? > Generaly I don't see why it should be - New target address is found by AA, > Client sends Invite so it doesn't ask about authentication on this stage. > > Now Client sends INVITE to BB. Neither AA no BB ask authentication and BB > receives INVITE. Call is established. After P&C dialog BB sends REFER to > Client. > Here Client answers with 407. > Question 2. What credentials should be used by BB? Can it be AA credentials? The 407 will contain a 'realm' attribute - it should be the credentials that match that realm. -- Scott Lawrence, Consulting Engineer Pingtel Corp. http://www.pingtel.com/ +1.781.938.5306 x162 or sip:[EMAIL PROTECTED] _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
