Hello,
SIP uses WWW Digest authentication schema. All attributes included in
authentication headers are defined by RFC2617 as well as the
authentication logic.
http://www.ietf.org/rfc/rfc2617.txt
Cheers,
Daniel
On 03/16/06 18:12, Istvan Hubay Cebrian wrote:
Hi,
Regarding my previous e-mails please disregard them since I have fixed the
problem. It was simply a misconfiguration on my part, thanks to everyone
that helped! I do however have another question regarding the same topic.
Currently I am using 'dbtext' for authentication and MD5 hash strings for
password encryption. Everything is working correctly however I don't
understand how authentication is working.
The subscribers file contains two MD5 hash strings, HA1 (username only) and
HA1B (username and realm) and the password is not being stored as text. When
I consult the SIP messages from my UA I notice the username and realm are
being sent:
Authorization: Digest username="qaz",realm="my.domain.com",nonce="387925b86f0cb610949dcea9079a30421020169f",response="d0f5e24cb8c022667aff65889b883155",uri="sip:my.domain.com"
However the password isn't being sent. So how does authentication work? What
is 'nonce' (above) and 'response'?
Is authentication based on CHAP? Thus:
- UA sends username and realm (identifying user)
- UA receives random unique challenge (response???)
- UA sends challenge and password hash string
- Authorization successful or not.
If CHAP is what is being used, I still can't figure out how the password is
being extracted since MD5 hash strings can't be reverted. And the password
is being sent together with the challenge thus there's nothing to compare
with.
I simply can't get my head around this.
Any help will be much appreciated.
Thanks,
Istvan
_______________________________________________
Users mailing list
http://openser.org/cgi-bin/mailman/listinfo/users
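
Added example, not part of the original thread: the RFC 2617 digest computation that the reply points to, showing how a server holding only HA1 checks the `response` without ever seeing the password. The username, realm, nonce and uri are taken from the header quoted above; the password and the REGISTER method are constructed assumptions, and because that header carries no qop, the form without qop is used.

```python
import hashlib
import hmac
import re

# Values from the quoted header; the password and method used below are constructed.
USER, REALM, URI = "qaz", "my.domain.com", "sip:my.domain.com"
NONCE = "387925b86f0cb610949dcea9079a30421020169f"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    # The only password-derived value the server has to store.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    # RFC 2617 without qop: MD5(HA1 ":" nonce ":" HA2), HA2 = MD5(method ":" uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def client_authorization(username, realm, password, nonce, method, uri):
    # UA side: the password goes into the hash, never onto the wire.
    resp = digest_response(ha1(username, realm, password), nonce, method, uri)
    return (f'Digest username="{username}",realm="{realm}",nonce="{nonce}",'
            f'response="{resp}",uri="{uri}"')

def verify(header_value, method, stored_ha1, issued_nonces):
    # Server side: recompute the response from the stored HA1 and compare.
    scheme, _, params = header_value.partition(" ")
    if scheme.lower() != "digest":
        return False
    fields = dict(re.findall(r'(\w+)="([^"]*)"', params))
    if not {"nonce", "uri", "response"} <= fields.keys():
        return False
    if fields["nonce"] not in issued_nonces:  # accept only challenges we issued
        return False
    expected = digest_response(stored_ha1, fields["nonce"], method, fields["uri"])
    return hmac.compare_digest(expected.encode(), fields["response"].encode())

if __name__ == "__main__":
    stored = ha1(USER, REALM, "constructed-pass")  # what the subscriber table holds
    hdr = client_authorization(USER, REALM, "constructed-pass", NONCE, "REGISTER", URI)
    print("Authorization:", hdr)
    print("accepted:", verify(hdr, "REGISTER", stored, {NONCE}))
```

Both sides hash the same inputs, so the server compares two hashes and never needs to reverse MD5; the nonce changes per challenge, which is why a captured `response` is only valid for the nonce it was computed against.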