Registration loop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I saw many UAs do this way.So some sip registar will respond 403 if account
or password is wrong after 401 challenge.

regards,
Gang

On Fri, May 15, 2009 at 12:45 AM, Nuno Costa <ncosta at wit-software.com>wrote:

> Hi,
>
> During recent tests, I find out a strange behavior during the
> authentication process using the Digest algorithm.
> Analyzing the problem from a high level, this is the behavior:
>     1. A REGISTER packet without any authentication header is sent to the
> server.
>     2. The server replies with a '401 Unauthorized' with an authentication
> header which includes a challenge (nonce).
>     3. The client issues a new REGISTER request with the necessary
> authentication header, including the answer to the challenge.
>     4. As the response is incorrect (because the password is incorrect),
> the server replies again with a '401 Unauthorized', but includes a new
> challenge and stale = false.
>     5. When the client receives a new challenge, it automatically restarts
> a new authentication process, by sending a new REGISTER request with the
> response to to challenge #2.
>     6. As before, the server answer with new challenge.
>     7. And the client issues a new response.
>     8. Steps 6 and 7 are repeated endless until the server locks the
> account and answer with a '403 User Not Authenticated'.
>
> Both behaviours (client and server side) seem to be correct and compliant
> with RFC 3261 (SIP: Session Initiation Protocol) and RFC 2617 (HTTP
> Authentication: Basic and Digest Access Authentication).
> Am I missing anything?
>
> Best regards,
> Nuno Costa
>
> --
> =========================================
> Nuno Costa
> Senior Engineer
> WIT Software S.A.
> Coimbra (Portugal), San Jose (California)
> Phone : +351 239 801030
> Mobile: +351 91 9821825
> Email : nuno.costa at wit-software.com
> Web: http://www.wit-software.com
> =========================================
>
>
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
>
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090515/13384aad/attachment-0001.html>


[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux