Bogdan, from my humble understanding so far there might be an easier way than to follow the entire dialog.
As far as I understand RFC3261 section 22.3 second paragraph, all authorisation challenges by the UAS should be forwarded to the originating UAC. The current intention of the uac-module is however to catch the 401/407 challenge of the UAS in the failure_route and answer on the UACs behalf. The UAC receives nothing and does therefore not increase the cseq value. That way the problem of the non-matching cseq numbers occurs. The RFC explicitly mentions this problem in paragraph 3. It appears to me that one could indeed forward the 401/407 challenge to the UAC, hoping that the UAC knows how to answer such challenge, and modify the UACs proxy-authorisation credentials response on the way back to the UAS. The credentials which need to be modified can be identified by the realm. In essence, whenever openser receives such proxy-authorisation credentials on an INVITE where the realm matches any of the realms stored in openser and also the call-id matches that of the forwarded challenge then these credentials are modified and relayed to the UAS. So all what one would need would be some method similar to uac_auth which does not add crednetials but modifyies credentials when there is a match with stored credentials. Would that be doable or am I "jumping" too quickly here ? Cheers Gerry ----- Original Message ----- From: "Bogdan-Andrei Iancu" <[EMAIL PROTECTED]> To: "G.Jacobsen" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Tuesday, May 30, 2006 10:42 AM Subject: [Bulk] Re: [Users] uac_auth cseq workaround - ANY ? > Hi Gerry, > > not incrementing the cseq number during authentication is a known > limitation of the uac module. A solution will require dialog persistence > on server (cseq number spreads across the entire dialog) - and this is > only in the early stages....:( > I'm afraid there is no work around.... > > regards, > bogdan > > G.Jacobsen wrote: > > > Hello, > > > > I am trying to use the uac_auth function against an asterisk box and > > receive 488 not acceptable here. > > > > It appears that this is not due to a media problem since the client > > which is routed through openser can issue an authenticated invite > > without problems when registered directly with the asterisk box - with > > exactly the the same media settings. > > > > So I supect that this 488 message is due to the fact that openser does > > not increase the cseq during authentication causing asterisk to issue > > a 488 after the correct response to the challenge. > > > > What are my workaround options to authenticate openser against > > asterisk (or any other RFC compliant proxy) ? > > > > ANY practical hints would be highly appreciated. > > > > TIA for your help. > > > > Gerry > > > > > >------------------------------------------------------------------------ > > > >_______________________________________________ > >Users mailing list > >[email protected] > >http://openser.org/cgi-bin/mailman/listinfo/users > > > > > ___________________________________________________________ The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
