Re: [reSIProcate] Digest credentials for many different usernames fromsingle realm
- From: Dmitry Semyonov <dsemyonov@xxxxxxx>
- Date: Thu, 28 Sep 2006 20:50:22 +0400 (MSD)
Scott,
On Thu, 28 Sep 2006 at 11:54 -0400, Scott Godin wrote:
> > Auth user is not exposed in 401/407 responses. Therefore I'm going
> > to match user (which will be a new parameter of
> > UserProfile::setDigetsCredential()) with user from the To header.
> > (Note that matching with From does not solve my problem.)
>
> I am concerned about this. Although it may solve your particular
> problem, I don't think using the To: header is a good general
> solution, and one that should be committed to SVN. In general you
> are providing credentials about yourself, and the most appropriate
> spot to get that info is the From header - definitely not the To
> header. Perhaps you should be looking at overriding UserProfile
> with a customer version of getDigestCredential for your purposes.
When you register with SIP registrar you pass your AOR in the To
header. Obviously, everything will work as before.
When you're calling to several end-points, every UAS (not proxy!) may
return 401. The From header will be the same for all the responses.
With my implementation at this point you get the flexibility to either
provide different credentials for each end-point by calling aforehand:
setDigestCredential(realm, user1, authuser1, passwd1);
setDigestCredential(realm, user2, authuser2, passwd2);
setDigestCredential(realm, user3, authuser3, passwd3);
or provide the same (possibly your own) credential for everybody by
setDigestCredential(realm, user1, authuser, passwd);
setDigestCredential(realm, user2, authuser, passwd);
setDigestCredential(realm, user3, authuser, passwd);
or alternatively by
setDigestCredential(realm, authuser, passwd).
Note that proposed change does not break any existing functionality,
but rather adds a good degree of flexibility to the DUM authentication
mechanism.
--
...Bye..Dmitry.