<p dir="ltr">Is the database shared? If so maybe when they authenticate add a secure token to the header that the second proxy can use for auth?</p>
<p dir="ltr">Just a suggestion not sure if its the answer your looking for or perhaps I didn't understand the scenario well enough.</p>
<div class="gmail_quote">On Nov 19, 2012 7:53 AM, "Andreas Granig" <<a href="mailto:agranig@sipwise.com">agranig@sipwise.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
There are lots of parameters controlling the creation of nonce values on<br>
a server, and I'm curious if there is a way to kind of "sync" them<br>
between servers.<br>
<br>
The use case would be to have a UA send for example its registration to<br>
Proxy1. Proxy1 would challenge it, UA will send the registration again,<br>
this time with credentials. Proxy1 would look up the user based on<br>
$au/$ar in the subscriber table, and if it's not found, will look up the<br>
responsible proxy from another table (with key being $au@$ar), forward<br>
it to Proxy2, which then would be able authenticate the user.<br>
<br>
The reason for this is that the auth credentials are unique across all<br>
servers and reliably identify a user, whereas for example From could be<br>
something else (e.g. in case of an IP-PBX sending a CLI in the<br>
From-userpart).<br>
<br>
Challenging the user on the second proxy again would theoretically be<br>
possible, but if the UA gets a 401 twice (once from Proxy1, once from<br>
Proxy2), it'll most likely pop up a password form for soft-clients, so I<br>
want to avoid that.<br>
<br>
Any ideas how to accomplish that?<br>
<br>
Andreas<br>
<br>
<br>
<br>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div>