Re: [reSIProcate] Digest credentials for many different usernames fromsingle realm
Proxies can challenge all requests - not just registrations (ie. INVITE
requests). In these cases using the To header is pretty misleading.
> -----Original Message-----
> From: Dmitry Semyonov [mailto:dsemyonov@xxxxxxx]
> Sent: Thursday, September 28, 2006 12:50 PM
> To: Scott Godin
> Cc: resiprocate-devel
> Subject: RE: [reSIProcate] Digest credentials for many different
> usernames fromsingle realm
>
> Scott,
>
> On Thu, 28 Sep 2006 at 11:54 -0400, Scott Godin wrote:
>
> > > Auth user is not exposed in 401/407 responses. Therefore I'm going
> > > to match user (which will be a new parameter of
> > > UserProfile::setDigetsCredential()) with user from the To header.
> > > (Note that matching with From does not solve my problem.)
> >
> > I am concerned about this. Although it may solve your particular
> > problem, I don't think using the To: header is a good general
> > solution, and one that should be committed to SVN. In general you
> > are providing credentials about yourself, and the most appropriate
> > spot to get that info is the From header - definitely not the To
> > header. Perhaps you should be looking at overriding UserProfile
> > with a customer version of getDigestCredential for your purposes.
>
> When you register with SIP registrar you pass your AOR in the To
> header. Obviously, everything will work as before.
>
> When you're calling to several end-points, every UAS (not proxy!) may
> return 401. The From header will be the same for all the responses.
>
> With my implementation at this point you get the flexibility to either
> provide different credentials for each end-point by calling aforehand:
>
> setDigestCredential(realm, user1, authuser1, passwd1);
> setDigestCredential(realm, user2, authuser2, passwd2);
> setDigestCredential(realm, user3, authuser3, passwd3);
>
> or provide the same (possibly your own) credential for everybody by
>
> setDigestCredential(realm, user1, authuser, passwd);
> setDigestCredential(realm, user2, authuser, passwd);
> setDigestCredential(realm, user3, authuser, passwd);
>
> or alternatively by
>
> setDigestCredential(realm, authuser, passwd).
>
> Note that proposed change does not break any existing functionality,
> but rather adds a good degree of flexibility to the DUM authentication
> mechanism.
>
> --
> ...Bye..Dmitry.