On Thu, Oct 27, 2011 at 6:18 PM, Domenico Chierico <[email protected]> wrote:
> today I've done some work on this issue, the conclusion is that to fix
> this we need to take a design decision.
>
> The exact problem is that when someone uses an alias in the
> authentication, the browser encodes the password with support of the
> alias and the realm, instead on the server side we have the password
> pre-encoded with the support of username and realm so this field can
> never match when we build digest.

Thanks for investigating this issue!

> So for my knowledge of the system we have 2 choices:
>
> 1) to store passwd in clear text into db and encoding it on fly using
> exact alias
> 2) to store encrypted password for each alias. This will require to
> reinsert the passwd each time we change the alias set.

Point 2 makes more sense to me. However this is a major change and risky for 4.4.

> we have still another option that is to force basic auth for alias and
> not digest one.

IMO we could live with this limitation, as you noticed basic auth for alias is already supported so no change required in code. One could write a rest web service to be called with alias basic auth and to return username associated. Then subsequent rest calls can be done using digest auth and the username.

Other opinions?

George
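
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not sipXecs code: it assumes the stored "pre-encoded" password is the RFC 2617 H(A1) value `MD5(login:realm:password)`, and every name and value in it is constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread or from sipXecs.
REALM, USER, ALIAS = "example.org", "200", "jsmith"
PASSWORD, NONCE, URI = "constructed-pw", "constructed-nonce", "/rest/demo"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(login, realm, password):
    # RFC 2617 H(A1): the password is bound to one login name and one realm.
    return md5_hex(f"{login}:{realm}:{password}")

def digest_response(ha1_hex, method="GET", uri=URI, nonce=NONCE):
    # RFC 2617 request-digest without qop: MD5(HA1:nonce:MD5(method:uri)).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def client_response(login, password):
    # The browser builds HA1 from whatever name the user typed.
    return digest_response(ha1(login, REALM, password))

def store_username_only(password):
    # Behaviour described in the thread: one HA1 built from the username;
    # an alias resolves to the same user record (assumed lookup model).
    h = ha1(USER, REALM, password)
    return {USER: h, ALIAS: h}

def store_per_alias(password):
    # Option 2: one HA1 per login name. Needs the cleartext password
    # whenever the alias set changes, hence the re-entry requirement.
    return {name: ha1(name, REALM, password) for name in (USER, ALIAS)}

def server_verify(store, login, response):
    stored = store.get(login)
    if stored is None:
        return False
    return hmac.compare_digest(digest_response(stored), response)

if __name__ == "__main__":
    for label, store in (("username-only", store_username_only(PASSWORD)),
                         ("per-alias", store_per_alias(PASSWORD))):
        for login in (USER, ALIAS):
            ok = server_verify(store, login, client_response(login, PASSWORD))
            print(f"{label:14} login={login:7} accepted={ok}")
```

With the username-only store the alias login is rejected even though the password is correct; with the per-alias store both logins verify.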
