Hello, thank you for your response.

One of our sites resides in NW of a big provider. There are number of our 
servers in that site. Each one of these servers has its own "client number" 
with its own credentials. The provider sends to all of them challenge with the 
same realm. I can't distinguish credentials by realm, only by user portion of 
the request URI.
So the question is whether some rules exist for authorization or it's Registrar 
specific implementation who decides about the following scenario:

AA passes registration as Naa. BB isn't registered at all. Then AA sends "301 
Moved Permanently" as response to Invite. Contact in 301 is "[EMAIL PROTECTED]".
During the call BB invokes a new transaction and receives 407. It responses 
with Naa credentials.

I'd like to use 301 for load balance between non-trusted servers. But if it 
depends on provider I can't.

Thank you again. Sorry if it's a trivial question. 

Best Regards
Masha Dorfman

-----Original Message-----
From: Scott Lawrence [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 14, 2005 3:37 PM
To: Masha Dorfman
Cc: [email protected]
Subject: Re: [Sip-implementors] redirection and authentication interwork


On Thu, 2005-04-07 at 12:41 +0300, Masha Dorfman wrote:
> Hello,
> my question regards authentication dialog during redirected call.
> (sorry, if it was already discussed, I didn't find something about this 
> scenario)
>  
> Let's say there are two servers AA and BB. AA is registered and client sends 
> to it INVITE. Now AA redirects the call to BB. 
> Question 1. Should BB also be registered as separate target with own 
> credentials? Or maybe it depends on Client? 
> Generaly I don't see why it should be - New target address is found by AA, 
> Client sends Invite so it doesn't ask about authentication on this stage.
>  
> Now Client sends INVITE to BB. Neither AA no BB ask authentication and BB 
> receives INVITE. Call is established. After P&C dialog BB sends REFER to 
> Client. 
> Here Client answers with 407. 
> Question 2. What credentials should be used by BB? Can it be AA credentials?

The 407 will contain a 'realm' attribute - it should be the credentials
that match that realm.

-- 
Scott Lawrence, Consulting Engineer
Pingtel Corp.  http://www.pingtel.com/
+1.781.938.5306 x162 or sip:[EMAIL PROTECTED]


_______________________________________________
Sip-implementors mailing list
[email protected]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to