From RFC2617:
domain A quoted, space-separated list of URIs, as specified in RFC XURI [7], that define the protection space. If a URI is an abs_path, it is relative to the canonical root URL (see section 1.2 above) of the server being accessed. An absoluteURI in this list may refer to a different server than the one being accessed. The client can use this list to determine the set of URIs for which the same authentication information may be sent: any URI that has a URI in this list as a prefix (after both have been made absolute) may be assumed to be in the same protection space. If this directive is omitted or its value is empty, the client should assume that the protection space consists of all URIs on the responding server.
This directive is not meaningful in Proxy-Authenticate headers, for which the protection space is always the entire proxy; if present it should be ignored.
So a proxy server can restrict the set of URIs to which the credentials can be applied even more -- SER does not support this parameter and I have never seen any user agent that would support it.
Jan.
On 24-05-2005 10:25, Paul Belanger wrote:
From RFC3261:
20.27 Proxy-Authenticate
A Proxy-Authenticate header field value contains an authentication challenge.
The use of this header field is defined in [H14.33]. See Section 22.3 for further details on its usage.
Example:
Proxy-Authenticate: Digest realm="atlanta.com", domain="sip:ss1.carrier.com", qop="auth", nonce="f84f1cec41e6cbe5aea9c8e88d359", opaque="", stale=FALSE, algorithm=MD5My question revolves around the domain="sip:ss1.carrier.com" field. I notice that SER does not use the option, however I have another proxy that does. I have searched for information about this field, but not able to get the information I need. Why would you use a realm and domain field at the same time? Is 1 preferred to another? Should both be used?
Any help would be great.
PB
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers