From: "Joseph C T - NPD, Chennai" <[EMAIL PROTECTED]> Assume there are two proxies. As per the above statement the UAC needs to send two credentials when the second proxy authenticates.
Now the question is how does the UAC know the second challenge was from the second proxy(assuming the first proxy authenticated successfully)? Secondly,how can the UAC send the same crendentials for the second proxy, having the same realm(nonce may be different) Can anyone through some light on this. As far as I can see, what is intended is this: The UAC sends the request. It is forked by proxy P to two proxies, P1 and P2, each of which responds with 407, giving the same realm but different nonces. P collates the two 407 responses into one 407 response with two Proxy-Authenticate headers, one from each of the 407 responses from P1 and P2. P sends the combined 407 to UAC. The UAC constructs a second try request, including two Authorization headers. Both use the same realm, user, and password, but one uses the nonce from one Proxy-Authenticate, and one uses the nonce from the other. (The UAC does not know the origin of the Proxy-Authenticate's, it just responds appropriately to each of them.) (It is because of the clause "The same credentials SHOULD be used for the same realm." that both Authorization headers should use the same user/password.) P forks this request to P1 and P2. P1 accepts the request because of the first Authorization header, and P2 accepts the request because of the second Authorization header. Dale _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
