Re: [reSIProcate] Digest credentials for many different usernames fromsingle realm
- From: Dmitry Semyonov <dsemyonov@xxxxxxx>
- Date: Thu, 28 Sep 2006 21:20:11 +0400 (MSD)
On Thu, 28 Sep 2006 at 12:54 -0400, Scott Godin wrote:
> Proxies can challenge all requests - not just registrations (ie. INVITE
> requests). In these cases using the To header is pretty misleading.
Good spot. Well, so I'll need to pick up either From or To header
based on method (REGISTER or not) and presence of Proxy-Authenticate
header. I think this should work with all standard compliant proxies.
> > -----Original Message-----
> > From: Dmitry Semyonov [mailto:dsemyonov@xxxxxxx]
> > Sent: Thursday, September 28, 2006 12:50 PM
> >
> > On Thu, 28 Sep 2006 at 11:54 -0400, Scott Godin wrote:
> >
> > > > Auth user is not exposed in 401/407 responses. Therefore I'm going
> > > > to match user (which will be a new parameter of
> > > > UserProfile::setDigetsCredential()) with user from the To header.
> > > > (Note that matching with From does not solve my problem.)
> > >
> > > I am concerned about this. Although it may solve your particular
> > > problem, I don't think using the To: header is a good general
> > > solution, and one that should be committed to SVN. In general you
> > > are providing credentials about yourself, and the most appropriate
> > > spot to get that info is the From header - definitely not the To
> > > header. Perhaps you should be looking at overriding UserProfile
> > > with a customer version of getDigestCredential for your purposes.
> >
> > When you register with SIP registrar you pass your AOR in the To
> > header. Obviously, everything will work as before.
> >
> > When you're calling to several end-points, every UAS (not proxy!) may
> > return 401. The From header will be the same for all the responses.
--
...Bye..Dmitry.