Woof!

On Fri, 12 Sep 2008 17:39:18 -0400, Andy Spitzer <[EMAIL PROTECTED]> wrote:

> On Fri, 12 Sep 2008 10:51:04 -0400, Andy Spitzer <[EMAIL PROTECTED]> wrote:
>
>> 2.  It is SPECULATION on Ranga's part that the PAI header on the call
>> caused FreeSWITCH to do this.  This may indeed be the case, but it is not
>> confirmed.  It may be something completely different.
>
> I just ran a test with the PAI header suppressed.  FreeSWITCH is still
> asking for auth.  Thus, it is not the new PAI header, but something else
> that has changed that is causing this.

While I'm not 100% certain yet, I believe the reason that FreeSWITCH is
now asking for authorization is due to the presence of the  
"Proxy-Authenticate:" header.  Previously any calls that hit FreeSWITCH  
(either for conferencing or IVR) didn't need or have authentication from  
the sipX proxy, and so that header was not in any of those calls.  Then  
sipX changed to require that ALL calls be authenticated, so suddenly
calls to FreeSWITCH contained a "Proxy-Authenticate:" header, like this:

    Proxy-Authorization: Digest username="207",realm="us.nortel.com",
    nonce="348b3d16b0a7da287468e0579634adac48cfee6e",
    uri="sip:[EMAIL PROTECTED]",
    response="6a4f63cedfebf2632fbbfc4e6e5791f6",algorithm=MD5


My guess is that FreeSWITCH is seeing this header, trying to authenticate  
it, and it cannot (as it doesn't have any of the information needed to do  
so), so it challenges the auth with a "stale" flag and a new nonce:

   Proxy-Authenticate: Digest realm="woof.us.nortel.com",
     nonce="2c12e995-26f5-472b-9dbd-5fd6b0d5dfc5", stale="true",
     algorithm=MD5, qop="auth"

This is still a working theory, but it seems to fit the facts.

--Woof!
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
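
A small triage helper for the theory in the message above, added here as an example (it is not code from sipX or FreeSWITCH, and not part of the original message). It parses the two headers quoted above and reports the first reason a server that owns the challenge's realm could not accept the credentials, using the RFC 2617 response calculation without qop. The function names, the order of the checks and the `passwords` table are assumptions made for illustration.

```python
import hashlib
import re

# Header values copied from the message above (the URI is redacted in the archive).
CREDENTIALS = ('Digest username="207",realm="us.nortel.com",'
               'nonce="348b3d16b0a7da287468e0579634adac48cfee6e",'
               'uri="sip:[EMAIL PROTECTED]",'
               'response="6a4f63cedfebf2632fbbfc4e6e5791f6",algorithm=MD5')
CHALLENGE = ('Digest realm="woof.us.nortel.com",'
             'nonce="2c12e995-26f5-472b-9dbd-5fd6b0d5dfc5", stale="true",'
             'algorithm=MD5, qop="auth"')

# name="quoted value" or name=token
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')

def parse_digest(value):
    """Split a Digest header value into a dict of its parameters."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k.lower(): (q if u == "" else u) for k, q, u in _PARAM.findall(rest)}

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def expected_response(creds, password, method):
    """RFC 2617 response when the credentials carry no qop, as in the header above."""
    ha1 = _md5(f'{creds["username"]}:{creds["realm"]}:{password}')
    ha2 = _md5(f'{method}:{creds["uri"]}')
    return _md5(f'{ha1}:{creds["nonce"]}:{ha2}')

def why_rechallenged(creds_value, local_realm, issued_nonces, passwords, method="INVITE"):
    """Return the first reason a server owning local_realm cannot accept the credentials."""
    c = parse_digest(creds_value)
    if c.get("realm") != local_realm:
        return "foreign-realm"      # credentials were computed for another realm
    if c.get("nonce") not in issued_nonces:
        return "unknown-nonce"      # nonce was not issued by this server
    pw = passwords.get(c.get("username"))
    if pw is None or expected_response(c, pw, method) != c.get("response"):
        return "bad-response"
    return "ok"

if __name__ == "__main__":
    ch = parse_digest(CHALLENGE)
    print(why_rechallenged(CREDENTIALS, ch["realm"], {ch["nonce"]}, {}))
```

Run against the two headers from the trace, it reports `foreign-realm`: the credentials name realm `us.nortel.com`, while the challenge comes from `woof.us.nortel.com`.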