<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>[Serusers] Digest Authentication</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText74530 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Hello,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Try these inclusions pls for
a simple straight forward Digest Auth...</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr>modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr># main routing logic</DIV>
<DIV dir=ltr>route{</DIV>
<DIV dir=ltr>if(!proxy_authorize("<STRONG>yourdomain</STRONG>.com" /* realm
*/,<BR>
"subscriber" /* table name */
))<BR>{<BR>proxy_challenge("<STRONG>yourdomain</STRONG>.com",
"0");<BR>break;<BR>}</DIV>
<DIV dir=ltr>sl_send_reply("200", "ok");</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>karthikeyan.k<BR><BR></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2><BR></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> serusers-bounces@lists.iptel.org on behalf of
Magnus Sörman (AL/EAB)<BR><B>Sent:</B> Thu 12/30/2004 3:45 PM<BR><B>To:</B>
'serusers@lists.iptel.org'<BR><B>Subject:</B> [Serusers] Digest
Authentication<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hi,<BR><BR>I need some help with digest authentication.<BR>When
I uncomment those lines in ser.cfg, the register msg stops to work. In the
trace, see below, you can see the nonce being sent in the re-register msg, but
the server still responds with 401 Unauthorized. I've tried with both 0 and 1 in
the www_challenge.<BR><BR>Without the digest authentication the register works
fine.<BR><BR>Thanks in advance,<BR> //Magnus<BR><BR>ser.cfg (ser 0.8.12
running on a Fedora box. Used for test purpose
only):<BR>====================================================<BR># -----------
global configuration parameters
------------------------<BR><BR>#debug=3
# debug level (cmd line:
-dddddddddd)<BR>#fork=yes<BR>#log_stderror=no
# (cmd line: -E)<BR><BR>/* Uncomment these lines to enter debugging
mode<BR>debug=7<BR>fork=no<BR>log_stderror=yes<BR>*/<BR><BR>check_via=no
# (cmd. line:
-v)<BR>dns=no #
(cmd. line: -r)<BR>rev_dns=no # (cmd. line:
-R)<BR>#port=5060<BR>#children=4<BR>fifo="/tmp/ser_fifo"<BR><BR>sip_warning=no<BR><BR>alias="sip_server_ip"<BR><BR>#
------------------ module loading ----------------------------------<BR><BR>#
Uncomment this if you want to use SQL database<BR>loadmodule
"/usr/lib/ser/modules/mysql.so"<BR><BR>loadmodule
"/usr/lib/ser/modules/sl.so"<BR>loadmodule
"/usr/lib/ser/modules/tm.so"<BR>loadmodule
"/usr/lib/ser/modules/rr.so"<BR>loadmodule
"/usr/lib/ser/modules/maxfwd.so"<BR>loadmodule
"/usr/lib/ser/modules/usrloc.so"<BR>loadmodule
"/usr/lib/ser/modules/registrar.so"<BR><BR>loadmodule
"/usr/lib/ser/modules/pa.so"<BR><BR># Uncomment this if you want digest
authentication<BR># mysql.so must be loaded !<BR>loadmodule
"/usr/lib/ser/modules/auth.so"<BR>loadmodule
"/usr/lib/ser/modules/auth_db.so"<BR><BR># ----------------- setting
module-specific parameters ---------------<BR><BR># -- usrloc params
--<BR><BR>#modparam("usrloc", "db_mode", 0)<BR><BR># Uncomment this
if you want to use SQL database<BR># for persistent storage and comment the
previous line<BR>modparam("usrloc", "db_mode", 2)<BR><BR># -- auth params
--<BR># Uncomment if you are using auth module<BR>#<BR>modparam("auth_db",
"calculate_ha1", yes)<BR>#<BR># If you set "calculate_ha1" parameter to yes
(which true in this config),<BR># uncomment also the following
parameter)<BR>#<BR>modparam("auth_db", "password_column", "password")<BR><BR>#
-- rr params --<BR># add value to ;lr param to make some broken UAs
happy<BR>modparam("rr", "enable_full_lr", 1)<BR><BR><BR>#
------------------------- request routing logic
-------------------<BR><BR># main routing
logic<BR><BR>route{<BR><BR> # initial
sanity checks -- messages with<BR> #
max_forwards==0, or excessively long
requests<BR> if
(!mf_process_maxfwd_header("10"))
{<BR>
sl_send_reply("483","Too Many
Hops");<BR>
break;<BR>
};<BR> if ( msg:len > max_len )
{<BR>
sl_send_reply("513", "Message too
big");<BR>
break;<BR>
};<BR><BR> # we record-route all
messages -- to make sure that<BR> #
subsequent messages will go through our proxy;
that's<BR> # particularly good if
upstream and downstream entities<BR> #
use different transport protocol<BR>
record_route();<BR> # loose-route
processing<BR> if (loose_route())
{<BR>
t_relay();<BR>
break;<BR>
};<BR><BR> # if the request is for
other domain use UsrLoc<BR> # (in
case, it does not work, use the following
command<BR> # with proper names and
addresses in it)<BR><BR> if (uri ==
myself ) {<BR><BR>
if (method=="SUBSCRIBE")
{<BR>
if(t_newtran()){<BR>
handle_subscription("registrar");<BR>
break;<BR>
};<BR>
};<BR>
<BR>
if (method=="REGISTER") {<BR><BR>#
Uncomment this if you want to use digest
authentication<BR>
if (!www_authorize("sip_server_ip",
"subscriber")) {<BR>
www_challenge("sip_server_ip",
"1");<BR>
break;<BR>
};<BR>
save("location");<BR>
break;<BR>
};<BR><BR>
# native SIP destinations are handled
using our USRLOC DB<BR>
if (!lookup("location"))
{<BR>
sl_send_reply("404", "Not
Found");<BR>
break;<BR>
};<BR>
};<BR> # forward to current uri now;
use stateful forwarding; that<BR> #
works reliably even if we forward from TCP to
UDP<BR> if (!t_relay())
{<BR>
sl_reply_error();<BR>
};<BR><BR>}<BR><BR>Register trace:<BR>==========<BR>REGISTER sip:sip_server_ip
SIP/2.0<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C<BR>From:
Magnus <sip:magnus@sip_server_ip>;tag=470300110<BR>To: Magnus
<sip:magnus@sip_server_ip><BR>Contact: "Magnus"
<sip:magnus@local_pc_ip:5060><BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6590
REGISTER<BR>Expires: 1800<BR>Max-Forwards: 70<BR>User-Agent: X-Lite release
1103m<BR>Content-Length: 0<BR><BR>SIP/2.0 401 Unauthorized<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport=5060;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C<BR>From:
Magnus <sip:magnus@sip_server_ip>;tag=470300110<BR>To: Magnus
<sip:magnus@sip_server_ip>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0d0e<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6590
REGISTER<BR>WWW-Authenticate: Digest realm="sip_server_ip",
nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"<BR>Server: Sip
EXpress router (0.8.12 (i386/linux))<BR>Content-Length: 0<BR><BR>REGISTER
sip:sip_server_ip SIP/2.0<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport;branch=z9hG4bK1813C486770C442BB51E58686A61921F<BR>From:
Magnus <sip:magnus@sip_server_ip>;tag=470300110<BR>To: Magnus
<sip:magnus@sip_server_ip><BR>Contact: "Magnus"
<sip:magnus@local_pc_ip:5060><BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6591
REGISTER<BR>Expires: 1800<BR>Authorization: Digest
username="magnus",realm="sip_server_ip",nonce="41d1321431d402c1af9617eb73deccbce7e532d5",response="27ea80aed1b9f5086b396c8f86bcec60",uri="sip:sip_server_ip",qop=auth,cnonce="9F5BBA98D6724D909C6560E8A045A300",nc=00000006<BR>Max-Forwards:
70<BR>User-Agent: X-Lite release 1103m<BR>Content-Length: 0<BR><BR>SIP/2.0 401
Unauthorized<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport=5060;branch=z9hG4bK1813C486770C442BB51E58686A61921F<BR>From:
Magnus <sip:magnus@sip_server_ip>;tag=470300110<BR>To: Magnus
<sip:magnus@sip_server_ip>;tag=b27e1a1d33761e85846fc98f5f3a7e58.9cf2<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6591
REGISTER<BR>WWW-Authenticate: Digest realm="sip_server_ip",
nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"<BR>Server: Sip
EXpress router (0.8.12 (i386/linux))<BR>Content-Length:
0<BR><BR>_______________________________________________<BR>Serusers mailing
list<BR>serusers@lists.iptel.org<BR><A
href="http://lists.iptel.org/mailman/listinfo/serusers">http://lists.iptel.org/mailman/listinfo/serusers</A><BR></FONT></P></DIV>
</BODY>
</HTML>
<table><tr><td bgcolor=#ffffff><font color=#000000><br>
<br>
Confidentiality Notice <br>
<br>
The information contained in this electronic message and any attachments to this message are intended<br>
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If<br>
you are not the intended recipient, please notify the sender at Wipro or Mailadmin@wipro.com immediately<br>
and destroy all copies of this message and any attachments.<br>
</font></td></tr></table>