Re: [reSIProcate] Digest credentials for many different usernames fromsingle realm
I would like to see this change. Although I vaguely remember starting
to do this myself a long while back and others had a reason that we
didn't really need it. Is anyone opposed to this?
I think the search order should be:
1. Find a credential where both user and realm match.
2. If not found, return first credential with realm match.
3. If not found, return first credential with user match.
4. If not found, return first credential.
I think it is fairly common for proxies to get the realm stuff wrong, so
we need some kind of fallback when the realm doesn't match.
I guess you are planning to match Auth user with the user in the From
header?
Scott
-----Original Message-----
From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
Dmitry Semyonov
Sent: Wednesday, September 27, 2006 9:25 AM
To: resiprocate-devel
Subject: [reSIProcate] Digest credentials for many different usernames
fromsingle realm
Hello all.
Background.
Sipura phone could be forced to resynchronize with provisioning
server by sending unsolicited NOTIFY request to the phone with
"resync" Event header. Note that Sipura authorizes such request with
its own credentials. I.e. username, auth username and password values
are different for each phone even if all the phones are from the same
realm.
Problem.
There is a limitation in DUM - it allows only single credential per
realm. Therefore, such NOTIFY requests could not be sent to several
phones simultaneously using single UserProfile. A workaround could be
to create separate profile for each new request, but I would like to
avoid such approach on the server side with potentially tenths of
thousands phones.
Proposal.
I propose to extend UserProfile interface to allow setting, getting
and clearing of credentials based not only on realm value but also on
username (don't confuse with auth username!). It will be also
necessary to modify ClientAuthManager to retrieve credentials using
username from To header field of 401/407 response in addition to
realm value.
What do you think? Will you accept a patch for this feature?
--
...Bye..Dmitry.
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxx
https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel