Maybe we should merge the docs from 1.5, the docs are much better:
"Secret phrase used to calculate the nonce value.
The default is to use a random value generated from the random source in the core.
If you use multiple servers in your installation, and would like to authenticate on the second server against the nonce generated at the first one its necessary to explicitly set the secret to the same value on all servers. However, the use of a shared (and fixed) secret as nonce is insecure, much better is to stay with the default. Any clients should send the reply to the server that issued the request."
2012/11/19 Andreas Granig agranig@sipwise.com:
Thanks Olle and Carsten,
On 11/19/2012 03:27 PM, Carsten Bock wrote:
short question: Why don't you use a shared secret to create a nonce value?
http://kamailio.org/docs/modules/devel/modules/auth.html#auth.secret
I've noticed this "secret" parameter, but the documentation is a bit brief on the exact meaning of it, thus my question on the list.
If this setting is really doing what we all think it is doing, then that'll be great! :)
I'll just try it out...
Andreas
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users