> From: Paul Kyzivat > > I don't think the concept of challenging based on all the realms the > server supports, and expecting the caller to pick one, works. If the > caller receives a 407 Proxy Authenticate with multiple challenges, I > believe it will think it must provide credentials for *each* > challenge, > rather than just picking one. (Normally this case would arise > because of > challenges from multiple independent proxies.) Perhaps the > situation is > different for a 401 response, but I doubt it.
I would expect that if the caller receives a 401/407, then it would supply credentials it has for any realms mentioned, since it has no way of knowing which credentials are needed (and for which stages of processing). Of course, it doesn't know if the credentials it has suffices to gain access, but it has no way of knowing that anyway. I suspect that in practice a UA has one or a very few credentials, and probably just sends them all if it is responding to a 401/407. Dale _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
