< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] Digest credentials for many different usernames fromsingle realm


Scott,

On Thu, 28 Sep 2006 at 11:54 -0400, Scott Godin wrote:

> > Auth user is not exposed in 401/407 responses. Therefore I'm going 
> > to match user (which will be a new parameter of 
> > UserProfile::setDigetsCredential()) with user from the To header. 
> > (Note that matching with From does not solve my problem.)
> 
> I am concerned about this.  Although it may solve your particular 
> problem, I don't think using the To: header is a good general 
> solution, and one that should be committed to SVN.  In general you 
> are providing credentials about yourself, and the most appropriate 
> spot to get that info is the From header - definitely not the To 
> header.  Perhaps you should be looking at overriding UserProfile 
> with a customer version of getDigestCredential for your purposes.

When you register with SIP registrar you pass your AOR in the To 
header. Obviously, everything will work as before.

When you're calling to several end-points, every UAS (not proxy!) may 
return 401. The From header will be the same for all the responses. 

With my implementation at this point you get the flexibility to either 
provide different credentials for each end-point by calling aforehand:

  setDigestCredential(realm, user1, authuser1, passwd1);
  setDigestCredential(realm, user2, authuser2, passwd2);
  setDigestCredential(realm, user3, authuser3, passwd3);

or provide the same (possibly your own) credential for everybody by

  setDigestCredential(realm, user1, authuser, passwd);
  setDigestCredential(realm, user2, authuser, passwd);
  setDigestCredential(realm, user3, authuser, passwd);

or alternatively by

  setDigestCredential(realm, authuser, passwd).

Note that proposed change does not break any existing functionality, 
but rather adds a good degree of flexibility to the DUM authentication 
mechanism.

-- 
...Bye..Dmitry.