Hi,
Regarding my previous e-mails, please disregard them since I have fixed the problem. It was simply a misconfiguration on my part; thanks to everyone that helped! I do however have another question regarding the same topic.
Currently I am using 'dbtext' for authentication and MD5 hash strings for password encryption. Everything is working correctly; however, I don't understand how authentication is working.
The subscribers file contains two MD5 hash strings, HA1 (username only) and HA1B (username and realm) and the password is not being stored as text. When I consult the SIP messages from my UA I notice the username and realm are being sent:
Authorization: Digest username="qaz",realm="my.domain.com",nonce="387925b86f0cb610949dcea9079a3042 1020169f",response="d0f5e24cb8c022667aff65889b883155",uri="sip:my.domain.com "
However, the password isn't being sent. So how does authentication work? What are 'nonce' (above) and 'response'?
Is authentication based on CHAP? Thus:
- UA sends username and realm (identifying user)
- UA receives random unique challenge (response???)
- UA sends challenge and password hash string
- Authorization successful or not.
If CHAP is what is being used, I still can't figure out how the password is being extracted, since MD5 hash strings can't be reverted. And the password is being sent together with the challenge, thus there's nothing to compare with.
I simply can't get my head around this.
Any help will be much appreciated.
Thanks, Istvan
Hello,
SIP uses the WWW Digest authentication scheme. All attributes included in the authentication headers are defined by RFC 2617, as well as the authentication logic. http://www.ietf.org/rfc/rfc2617.txt
Cheers, Daniel
On 03/16/06 18:12, Istvan Hubay Cebrian wrote:
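To make Daniel's pointer concrete, here is an added Python walk-through (not code from the thread or from the SER/dbtext project) of the RFC 2617 digest computation behind the Authorization header Istvan posted. It assumes the request was a REGISTER, uses the constructed placeholder password "s3cret", and takes the username, realm, nonce and uri from the header above (the line-wrap space in the nonce removed); the real response value cannot be reproduced because the real password is not on the page.

```python
import hashlib
import hmac

# Values copied from the Authorization header in the thread.
USERNAME = "qaz"
REALM = "my.domain.com"
URI = "sip:my.domain.com"
NONCE = "387925b86f0cb610949dcea9079a30421020169f"
METHOD = "REGISTER"        # assumption: the header came from a REGISTER request
PASSWORD = "s3cret"        # constructed placeholder; the real password is unknown


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def compute_ha1(username: str, realm: str, password: str) -> str:
    # HA1 = MD5(username:realm:password). This is what the subscriber table
    # stores at provisioning time, so the clear-text password is never kept.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 without a "qop" directive (matching the header in the thread):
    # HA2 = MD5(method:uri); response = MD5(HA1:nonce:HA2).
    # The password itself never appears on the wire, only this digest.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_ha1: str, nonce: str, method: str, uri: str,
                  presented_response: str) -> bool:
    # The proxy recomputes the response from the stored HA1 and the nonce it
    # issued; it does not need (and cannot recover) the password.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, presented_response)


def run_exchange(password_typed_into_ua: str, nonce: str = NONCE) -> bool:
    # 1. Server challenged with `nonce` (401 with WWW-Authenticate).
    # 2. UA derives HA1 from the password the user typed and builds the response.
    ua_ha1 = compute_ha1(USERNAME, REALM, password_typed_into_ua)
    response = digest_response(ua_ha1, nonce, METHOD, URI)
    # 3. Server checks the response against the HA1 stored in the subscriber file.
    stored_ha1 = compute_ha1(USERNAME, REALM, PASSWORD)
    return server_verify(stored_ha1, nonce, METHOD, URI, response)
```

Because the nonce is folded into the response, the same password yields a different response for every challenge, which is why a captured response cannot simply be replayed against a fresh nonce.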