[reSIProcate] ServerAuthentication questions

Scott Godin sgodin at sipspectrum.com
Tue Nov 9 16:31:05 CST 2010


...inline...

FYI - my knowledge of the fine details of digest authentication is not very
strong.

On Fri, Oct 22, 2010 at 6:42 AM, Robert Szokovacs <rszokovacs at gammatelecom.hu> wrote:

> Hi,
>
> I'm creating a server with authentication and there are some things in the
> resip/dum code I don't understand completely:
>
> There is a function called ServerAuthManager::useAuthInt() which, if it
> returns true, causes resip to include the qop parameter in the challenge
> (it includes "auth,auth-int"), requesting the client to use RFC 2617 style
> authentication, and if it returns false, the qop parameter is omitted,
> causing the client to revert to RFC 2069. So there is no way to request
> only "auth" or even to force "auth-int" currently?
>

I thought the default was "auth" if qop was missing - but I'm not 100% sure.
There is currently no way to request auth-int only.


> I didn't find in the source the part where the server checks for replay
> attacks, using the nonce-count parameter. Is it really missing? If no, can
> somebody point me to it? If yes, are there plans to include it or it's up
> to me?
>

I don't see that implemented either. I don't know of anyone currently
working on this. If you end up working on it, it would be great if you could
contribute an implementation of this back to resip.  : )


> TIA
>
> br
>
> Szo
>
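
The server-side nonce-count replay check asked about in this thread, as an added example that is not part of the original messages and is not reSIProcate code. It assumes the server remembers each nonce it issues, requires nc to increase strictly per nonce (a reordered in-flight request would be rejected), and expires nonces after a fixed lifetime; NonceCountTracker and NcResult are hypothetical names.

```cpp
// Added example: NOT reSIProcate code. NonceCountTracker and NcResult are hypothetical names.
#include <cctype>
#include <chrono>
#include <cstdint>
#include <string>
#include <unordered_map>

enum class NcResult { Ok, UnknownNonce, Stale, BadFormat, Replay };

class NonceCountTracker {
public:
    using Clock = std::chrono::steady_clock;
    explicit NonceCountTracker(std::chrono::seconds ttl) : mTtl(ttl) {}

    // Record a nonce when the server sends it in a challenge. The challenge must
    // offer qop: without it the client sends no nc and there is nothing to check.
    void issued(const std::string& nonce, Clock::time_point now = Clock::now()) {
        mNonces[nonce] = Entry{now, 0};
    }

    // Call only AFTER the digest response has been verified; otherwise an
    // unauthenticated sender could advance the counter and lock out the real client.
    NcResult check(const std::string& nonce, const std::string& nc,
                   Clock::time_point now = Clock::now()) {
        auto it = mNonces.find(nonce);
        if (it == mNonces.end()) return NcResult::UnknownNonce;  // not issued by us
        if (now - it->second.issuedAt > mTtl) {                  // expired: re-challenge
            mNonces.erase(it);
            return NcResult::Stale;
        }
        if (nc.size() != 8) return NcResult::BadFormat;          // nc-value is 8 hex digits
        for (unsigned char c : nc)
            if (!std::isxdigit(c)) return NcResult::BadFormat;
        const uint32_t value = static_cast<uint32_t>(std::stoul(nc, nullptr, 16));
        if (value <= it->second.lastNc) return NcResult::Replay; // reused or rewound count
        it->second.lastNc = value;
        return NcResult::Ok;
    }

private:
    struct Entry { Clock::time_point issuedAt; uint32_t lastNc; };
    std::chrono::seconds mTtl;
    std::unordered_map<std::string, Entry> mNonces;
};
```

A Stale or UnknownNonce result would normally lead to a fresh challenge rather than a hard failure.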