24 May
2005
24 May
'05
10:25 a.m.
From RFC3261:
20.27 Proxy-Authenticate
A Proxy-Authenticate header field value contains an authentication
challenge.
The use of this header field is defined in [H14.33]. See Section
22.3 for further details on its usage.
Example:
Proxy-Authenticate: Digest realm="atlanta.com",
domain="sip:ss1.carrier.com", qop="auth",
nonce="f84f1cec41e6cbe5aea9c8e88d359",
opaque="", stale=FALSE, algorithm=MD5
My question revolves around the domain="sip:ss1.carrier.com" field. I notice
that SER does not
use the option, however I have another proxy that does. I have searched for information
about
this field, but not able to get the information I need. Why would you use a realm and
domain
field at the same time? Is 1 preferred to another? Should both be used?
Any help would be great.
PB
30 May
30 May
1:38 p.m.
From RFC2617:
domain
A quoted, space-separated list of URIs, as specified in RFC XURI
[7], that define the protection space. If a URI is an
abs_path, it is relative to the canonical root URL (see section 1.2
above) of the server being accessed. An absoluteURI in this
list may refer to a different server than the one being accessed.
The client can use this list to determine the set of URIs for which
the same authentication information may be sent: any URI that has a
URI in this list as a prefix (after both have been made absolute)
may be assumed to be in the same protection space. If this directive
is omitted or its value is empty, the client should assume that the
protection space consists of all URIs on the responding server.
This directive is not meaningful in Proxy-Authenticate headers, for
which the protection space is always the entire proxy; if present
it should be ignored.
So a proxy server can restrict the set of URIs to which the credentials
can be applied even more -- SER does not support this parameter and I
have never seen any user agent that would support it.
Jan.
On 24-05-2005 10:25, Paul Belanger wrote:
From RFC3261:
20.27 Proxy-Authenticate
A Proxy-Authenticate header field value contains an authentication
challenge.
The use of this header field is defined in [H14.33]. See Section
22.3 for further details on its usage.
Example:
Proxy-Authenticate: Digest realm="atlanta.com",
domain="sip:ss1.carrier.com", qop="auth",
nonce="f84f1cec41e6cbe5aea9c8e88d359",
opaque="", stale=FALSE, algorithm=MD5
My question revolves around the domain="sip:ss1.carrier.com" field. I notice
that SER does not
use the option, however I have another proxy that does. I have searched for information
about
this field, but not able to get the information I need. Why would you use a realm and
domain
field at the same time? Is 1 preferred to another? Should both be used?
Any help would be great.
PB
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7204
days inactive
7210
days old
1 comments
2 participants
participants (2)
-
Jan Janak -
Paul Belanger