On Thursday 22 May 2008, Ahmed Huraimel wrote: > i am investigating the authentication on openSER. I search for a proper > explanations but unfortunately i did not find how it is exactly done so i > did some experiments. i assumed that the response is generated as the > following: note that i set the username and password with the same string > "alali" > > Response = MD5( username + MD5(password) + realm + nonce) > [..] > could anyone tell me how exactly the authentication is done in openSER? is > the response generated is like the one i assumed? what + means in the > response? does is mean concatenation or exoring?
Hi Ahmed, the authentification in OpenSER/ SIP is based on HTTP auth. You find a detailed explanation for the construction of the response for example at: http://en.wikipedia.org/wiki/Digest_access_authentication , some further informations at: http://www.voip-info.org/wiki/view/SIP+Authentication For the exact logic inside OpenSER just take a look at the auth module source code, it should be not that hard to understand. ;-) Cheers, Henning _______________________________________________ Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
