
Re: [reSIProcate] ServerAuthentication questions


...inline...

FYI - my knowledge of the fine details of digest authentication is not very strong.

On Fri, Oct 22, 2010 at 6:42 AM, Robert Szokovacs <rszokovacs@xxxxxxxxxxxxxxx> wrote:
Hi,

I'm creating a server with authentication and there are some things in the
resip/dum code I don't understand completely:

There is a function called ServerAuthManager::useAuthInt() which, if it returns
true, causes resip to include the qop parameter in the challenge (it includes
"auth,auth-int"), requesting the client to use RFC 2617 style authentication
and if it returns false, the qop parameter is omitted, causing the client to
revert to RFC 2069. So there is no way to request only "auth" or even to force
"auth-int" currently?

I thought the default was "auth" if qop was missing - but I'm not 100% sure.  There is currently no way to request auth-int only.
 
I didn't find in the source the part where the server checks for replay
attacks, using the nonce-count parameter. Is it really missing? If no, can
somebody point me to it? If yes, are there plans to include it or is it up to
me?

I don't see that implemented either. I don't know of anyone currently working on this. If you end up working on it, it would be great if you could contribute an implementation of this back to resip.  : )
 
TIA

br

Szo
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
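
An added illustration of the server-side nonce-count replay check asked about in this thread. It is not reSIProcate code and does not come from either poster; `NonceCountTracker` and its methods are hypothetical names. Under RFC 2617 the client sends `nc` only when the challenge carried `qop`, so the check applies only to challenges that include it.

```cpp
#include <cctype>
#include <cstdint>
#include <string>
#include <unordered_map>

// Result of checking the nonce / nc pair from one Authorization header.
enum class NcCheck { Ok, UnknownNonce, Malformed, Replay };

// Hypothetical helper (not a reSIProcate class): remembers the highest
// nonce-count accepted for every nonce this server has issued.
class NonceCountTracker {
public:
    // Call when a challenge carrying `nonce` is sent to a client.
    void issued(const std::string& nonce) { mLastNc.emplace(nonce, 0u); }

    // Call when the nonce expires so the table does not grow without bound.
    void expire(const std::string& nonce) { mLastNc.erase(nonce); }

    // Call only after the digest response itself has been verified, so an
    // unauthenticated sender cannot advance another client's counter.
    NcCheck check(const std::string& nonce, const std::string& ncHex) {
        auto it = mLastNc.find(nonce);
        if (it == mLastNc.end()) return NcCheck::UnknownNonce; // re-challenge
        std::uint32_t nc = 0;
        if (!parseNc(ncHex, nc)) return NcCheck::Malformed;
        if (nc <= it->second) return NcCheck::Replay; // seen before, or nc=0
        it->second = nc; // counts may skip (lost requests), never go back
        return NcCheck::Ok;
    }

private:
    // RFC 2617: nc-value is exactly 8 hex digits, e.g. 00000001.
    static bool parseNc(const std::string& s, std::uint32_t& out) {
        if (s.size() != 8) return false;
        out = 0;
        for (unsigned char c : s) {
            if (!std::isxdigit(c)) return false;
            out = out * 16 + (std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10);
        }
        return true;
    }

    std::unordered_map<std::string, std::uint32_t> mLastNc;
};
```

Requiring a strictly increasing count, rather than exactly the previous value plus one, is a design choice made here so that a lost request does not lock the client out.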