Hello,
Does anybody know in which situation the NONCE_REUSED return code for www_authenticate would appear? I understand the usage of the STALE_NONCE code, this is when the nonce expires and the servers sends a new nonce to the phone. But why is the NONCE_REUSED used and why does it occur sometimes? Should I reject or accept the registration when this code appears?
typedef enum auth_result { AUTH_ERROR = -5, /* Error occurred, a reply has not been sent out */ NO_CREDENTIALS, /* Credentials missing */ STALE_NONCE, /* Stale nonce */ INVALID_PASSWORD, /* Invalid password */ USER_UNKNOWN, /* User non existant */ ERROR, /* Error occurred, a reply has been sent out -> */ /* return 0 to the openser core */ AUTHORIZED, /* Authorized. If returned by pre_auth, */ /* no digest authorization necessary */ DO_AUTHORIZATION, /* Can only be returned by pre_auth. */ NONCE_REUSED /* Returned if nonce is used more than once */ /* Means to continue doing authorization */ } auth_result_t;
Many thanks, Catalina Oancea