It may be my lack of understanding, but I moved from using auth_check function to www_authenticate function and now see kamailio sending qop in auth header. It's my understanding this is not necessary (based on UA types in use) so I would like to remove it. Per module doc, it is "" by default, I tried adding auth param as below but made no difference. What could be causing this?
U x.x.x.x:5060 -> y.y.y.y:5060 REGISTER sip:y.y.y.y SIP/2.0. Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2. From: user sip:user@y.y.y.y;tag=682bdce181bb953eo0. To: user sip:user@y.y.y.y. Call-ID: 1b886b6c-b283de31@x.x.x.x. CSeq: 612 REGISTER. Max-Forwards: 70. Contact: user sip:100@x.x.x.x:5060;expires=1800. User-Agent: agent Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura, replaces. .
U y.y.y.y:5060 -> x.x.x.x:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2;rport=5060. From: user sip:user@y.y.y.y;tag=682bdce181bb953eo0. To: user sip:user@y.y.y.y;tag=02500e456b34f8655aebe61627730a5a.852c. Call-ID: 1b886b6c-b283de31@x.x.x.x. CSeq: 612 REGISTER. WWW-Authenticate: Digest realm="y.y.y.y", nonce="UoV8q1KFe38amcNXXHXmuDU83y1OXg2n", qop="auth". Server: SIP Proxy. Content-Length: 0..
version: kamailio 4.0.3 (i386/linux) 090035
# ----- auth params ----- modparam("auth", "qop", "")
# ----- auth_db params ----- #!ifdef WITH_AUTH modparam("auth_db", "db_url", DBURL) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "id") modparam("auth_db", "use_domain", MULTIDOMAIN) modparam("auth_db", "version_table", 0)
.........
if (!www_authenticate("$td", SIP_TABLE)) { www_challenge("$td", "1"); exit; } .........
[cid:image001.gif@01CEE17B.A12FBB50]
Well, I just figured it out -
Changed from 1 to 0
www_challenge("$td", "1");
www_challenge("$td", "0");
The relationship between AUTH module and backend storage modules AUTH_DB is a little confusing, but I see documentation on AUTH module does explain this.
Sorry to clutter the list.
From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel W. Graham Sent: Thursday, November 14, 2013 9:07 PM To: sr-users@lists.sip-router.org Subject: [SR-Users] kamailio sending qop in auth header
It may be my lack of understanding, but I moved from using auth_check function to www_authenticate function and now see kamailio sending qop in auth header. It's my understanding this is not necessary (based on UA types in use) so I would like to remove it. Per module doc, it is "" by default, I tried adding auth param as below but made no difference. What could be causing this?
U x.x.x.x:5060 -> y.y.y.y:5060 REGISTER sip:y.y.y.y SIP/2.0. Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2. From: user sip:user@y.y.y.y;tag=682bdce181bb953eo0. To: user sip:user@y.y.y.y. Call-ID: 1b886b6c-b283de31@x.x.x.xmailto:1b886b6c-b283de31@x.x.x.x. CSeq: 612 REGISTER. Max-Forwards: 70. Contact: user sip:100@x.x.x.x:5060;expires=1800. User-Agent: agent Content-Length: 0. Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER. Supported: x-sipura, replaces. .
U y.y.y.y:5060 -> x.x.x.x:5060 SIP/2.0 401 Unauthorized. Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bK-bd3965f2;rport=5060. From: user sip:user@y.y.y.y;tag=682bdce181bb953eo0. To: user sip:user@y.y.y.y;tag=02500e456b34f8655aebe61627730a5a.852c. Call-ID: 1b886b6c-b283de31@x.x.x.xmailto:1b886b6c-b283de31@x.x.x.x. CSeq: 612 REGISTER. WWW-Authenticate: Digest realm="y.y.y.y", nonce="UoV8q1KFe38amcNXXHXmuDU83y1OXg2n", qop="auth". Server: SIP Proxy. Content-Length: 0..
version: kamailio 4.0.3 (i386/linux) 090035
# ----- auth params ----- modparam("auth", "qop", "")
# ----- auth_db params ----- #!ifdef WITH_AUTH modparam("auth_db", "db_url", DBURL) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "id") modparam("auth_db", "use_domain", MULTIDOMAIN) modparam("auth_db", "version_table", 0)
.........
if (!www_authenticate("$td", SIP_TABLE)) { www_challenge("$td", "1"); exit; } .........
[cid:image001.gif@01CEE17F.F096E480]
-
Daniel W. Graham