On Fri, 2010-04-30 at 08:19 -0700, George Niculae wrote: > --- On Thu, 4/29/10, Andy Spitzer (JIRA) <[email protected]> wrote: > > Will that work with standard SOAP clients? They all > > accept a cleartext username/password, and provide it when > > challenged, either with BASIC or Digest depending on what > > the server asks for. If it asks for Digest, yet > > expects something different in the response, it doesn't seem > > like that'll work. > > > > --Woof! > > This is wrt XX-8253: as Woof! figured out, there are some issues with > digest auth in sipx. Checking Acegi ref > ( http://www.acegisecurity.org/guide/springsecurity.html#digest ) > looks like digest auth process needs clear text passwords in > authentication providers, and is not our case.
The acegi implementation of digest may need cleartext passwords in the provider, but the standard does not. It can be implemented such that the server needs only H(A1), which is BASE64(MD5(user:realm:password)). JAIN-SIP implements digest... perhaps you could use its implementation? _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
