I have a Boghe (v188.8.131.526) working fine with Kamailio with MD5 algorithm however fails to authenticate if I configure S-CSCF to use AKAv1-MD5. We have the same configuration on private user identity in FHoSS on both the succ MD5 run and failed AKAv1-MD5 run.
I wonder if anyone has faced this issue before. Here are some details on message exchanges: * S-CSCF included the challenge in 401 Unauthorized – Challenging the UE: WWW-Authenticate: Digest realm="example.example.org", nonce="rzGnTBGPw3hE+mDPHrZ1PAAAAAAApAAAmfftHqYUuUA=", algorithm=AKAv1-MD5, ck="629d6d9a6a6befa509b1a9bb17a9c2a3", ik="32fcd14a102279de2e38200a2257efcb", qop="auth,auth-int"\r\n * The same header was seen when 401 Unauth travelled through I-CSCF and P-CSCF (shouldn’t P-CSCF strips out the ck and ik fields before sending to UE?) * UE responded with another register with response: Authorization: Digest username="b...@example.example.org",realm="example.example.org",nonce="rzGnTBGPw3hE+mDPHrZ1PAAAAAAApAAAmfftHqYUuUA=",uri="sip:example.example.org",response="6445f9df2b785eab3fa461849880b48d",algorithm=AKAv1-MD5,cnonce="34baf441e99a23e0fcb2bc001355c4bf",qop=auth-int,nc=00000001\r\n * S-CSCF failed the calculation and sent back 403 Authentication Failed I tried AKAv2-MD5 setting as default algorithm on S-CSCF and the result is the same as above. It seems that only MD5 works on my setup. What are the different configs in HSS (or other places) AKAv1-MD5 need? I checked the AMF/OP on both HSS and Boghe and they match. Boghe does not have SQN setting but I set HSS to start with 0. Any pointers are appreciated! Yin
_______________________________________________ Kamailio (SER) - Users Mailing List email@example.com https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users