It may be my lack of understanding, but I moved from using auth_check function to
www_authenticate function and now see kamailio sending qop in auth header. It's my
understanding this is not necessary (based on UA types in use) so I would like to remove
it. Per module doc, it is "" by default, I tried adding auth param as below but
made no difference. What could be causing this?
U x.x.x.x:5060 -> y.y.y.y:5060
REGISTER sip:y.y.y.y SIP/2.0.
Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2.
From: user <sip:user@y.y.y.y>;tag=682bdce181bb953eo0.
To: user <sip:user@y.y.y.y>.
Call-ID: 1b886b6c-b283de31(a)x.x.x.x.
CSeq: 612 REGISTER.
Max-Forwards: 70.
Contact: user <sip:100@x.x.x.x:5060>;expires=1800.
User-Agent: agent
Content-Length: 0.
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER.
Supported: x-sipura, replaces.
.
U y.y.y.y:5060 -> x.x.x.x:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2;rport=5060.
From: user <sip:user@y.y.y.y>;tag=682bdce181bb953eo0.
To: user <sip:user@y.y.y.y>;tag=02500e456b34f8655aebe61627730a5a.852c.
Call-ID: 1b886b6c-b283de31(a)x.x.x.x.
CSeq: 612 REGISTER.
WWW-Authenticate: Digest realm="y.y.y.y",
nonce="UoV8q1KFe38amcNXXHXmuDU83y1OXg2n", qop="auth".
Server: SIP Proxy.
Content-Length: 0..
version: kamailio 4.0.3 (i386/linux) 090035
# ----- auth params -----
modparam("auth", "qop", "")
# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "id")
modparam("auth_db", "use_domain", MULTIDOMAIN)
modparam("auth_db", "version_table", 0)
.........
if (!www_authenticate("$td", SIP_TABLE)) {
www_challenge("$td", "1");
exit;
}
.........
[cid:image001.gif@01CEE17B.A12FBB50]
Show replies by date
Well, I just figured it out -
Changed from 1 to 0
www_challenge("$td", "1");
www_challenge("$td", "0");
The relationship between AUTH module and backend storage modules AUTH_DB is a little
confusing, but I see documentation on AUTH module does explain this.
Sorry to clutter the list.
From: sr-users-bounces(a)lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org]
On Behalf Of Daniel W. Graham
Sent: Thursday, November 14, 2013 9:07 PM
To: sr-users(a)lists.sip-router.org
Subject: [SR-Users] kamailio sending qop in auth header
It may be my lack of understanding, but I moved from using auth_check function to
www_authenticate function and now see kamailio sending qop in auth header. It's my
understanding this is not necessary (based on UA types in use) so I would like to remove
it. Per module doc, it is "" by default, I tried adding auth param as below but
made no difference. What could be causing this?
U x.x.x.x:5060 -> y.y.y.y:5060
REGISTER sip:y.y.y.y SIP/2.0.
Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2.
From: user <sip:user@y.y.y.y>;tag=682bdce181bb953eo0.
To: user <sip:user@y.y.y.y>.
Call-ID: 1b886b6c-b283de31@x.x.x.x<mailto:1b886b6c-b283de31@x.x.x.x>.
CSeq: 612 REGISTER.
Max-Forwards: 70.
Contact: user <sip:100@x.x.x.x:5060>;expires=1800.
User-Agent: agent
Content-Length: 0.
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER.
Supported: x-sipura, replaces.
.
U y.y.y.y:5060 -> x.x.x.x:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2;rport=5060.
From: user <sip:user@y.y.y.y>;tag=682bdce181bb953eo0.
To: user <sip:user@y.y.y.y>;tag=02500e456b34f8655aebe61627730a5a.852c.
Call-ID: 1b886b6c-b283de31@x.x.x.x<mailto:1b886b6c-b283de31@x.x.x.x>.
CSeq: 612 REGISTER.
WWW-Authenticate: Digest realm="y.y.y.y",
nonce="UoV8q1KFe38amcNXXHXmuDU83y1OXg2n", qop="auth".
Server: SIP Proxy.
Content-Length: 0..
version: kamailio 4.0.3 (i386/linux) 090035
# ----- auth params -----
modparam("auth", "qop", "")
# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "id")
modparam("auth_db", "use_domain", MULTIDOMAIN)
modparam("auth_db", "version_table", 0)
.........
if (!www_authenticate("$td", SIP_TABLE)) {
www_challenge("$td", "1");
exit;
}
.........
[cid:image001.gif@01CEE17F.F096E480]