Hi,

If topos is activated and kamailio responds with a 407 "proxy authentication required" to an initial INVITE, INVITE received after with credentials (MD5 response in Proxy-Authorization header) is badly managed. Credentials are never validated and Kamailio responds 407 again. If topoh is used instead topos all works fine and credentials are validated.

call flow is:
Phone sends INVITE to kamailio SBC
kamailio respond 407  "proxy authentication required" because SBC wants to authenticate caller
Phone resends INVITE with Proxy-Authorization header with all valid information
kamailio responds 407 again instead forwarding INVITE.

My code:
if (!pv_auth_check("$fd", "$sht(auth_cache=>$var(key))", "0", "1")) {
    auth_challenge("$fd", “1”);
    exit;
}
# user authenticated - remove auth header
consume_credentials();

So if topos is used, pv_auth_check always returns false even if the phone sets valid information.
If topoh is activated, pv_auth_check always returns true (same phone and same kamailio SBC versioning)

I made my tests with kamailio 5.4.3 on centos 7.

Regards,
Frédéric Gaisnon