Awesome, thanks for the clarification!

From: Daniel-Constantin Mierla <mico...@gmail.com>
Sent: Sunday, June 10, 2018 11:35 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>; Skip 
Morse <gmo...@godaddy.com>
Subject: Re: [SR-Users] Disable basic authentication?


Hello,

SIP uses only digest auth, basic auth is not implemented by clients or servers.

Cheers,
Daniel

On 08.06.18 21:41, Skip Morse wrote:
Hi All,

I couldn't get a clear answer from the documentation. Based on the description 
of www_authenticate and proxy_authenticate:

" The function verifies credentials according to RFC2617. If the credentials 
are verified successfully then the function will succeed and mark the 
credentials as authorized (marked credentials can be later used by some other 
functions). If the function was unable to verify the credentials for some 
reason then it will fail and the script should call www_challenge which will 
challenge the user again."

The RFC outlines basic and digest auth. Is there a way to disable the ability 
for a UA to use basic auth? Or maybe these is disabled already?

I'm likely understanding this wrong, it seems to me that it's allowed for a UA 
to auth with basic even if the challenge is for digest. Any clarification would 
be helpful.

Thanks!
-Skip




_______________________________________________

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



--

Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>

www.twitter.com/miconda<http://www.twitter.com/miconda> -- 
www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>

Kamailio World Conference -- www.kamailioworld.com<http://www.kamailioworld.com>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to