today I've done some work on this issue, the conclusion is that for fix this we need to take a design decision.
The exact problem is that when someone uses an alias into the authentication, the browser encodes the password with support of the alias and the realm, instead on the server side we have the password pre-encoded with the support of username and realm so this field can't never match when we build digest. So for mine knowledge of the system we have 2 choices: 1) to store passwd in clear text into db and encoding it on fly using exact alias 2) to store encripted password for each alias. This will require to reisert the passwd each time we change the alias set. we have still another options that is to force basic auth for alias and not digset one. Domenico Chierico _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
