[OpenSIPS-Users] Error in auth module

Iñaki Baz Castillo ibc at aliax.net
Wed Jun 10 23:12:12 CEST 2009 

El Miércoles, 10 de Junio de 2009, Sergio Gutierrez escribió:
> Hello to all members.
>
> I am running OpenSIPS 1.5.1 with MySQL authentication and authorization
> backend; after some minutes of running, I am getting the following error in
> log:
>
> Jun 10 16:00:55 [25744] DBG:auth:reserve_nonce_index: second= 13,
> sec_monit= 1,  index= 5
> Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: nonce index= 5
> Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: 'Proxy-Authenticate: Digest
> realm="200.13.225.250",
> nonce="4a2f928500000005acf87663581a317e2716f2ae64017424"
> Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
> [4a2f928500000005acf87663581a317e2716f2ae64017424] and
> [4a2f928500000005acf87663581a317e2716f2ae64017424]
> Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
> Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
> [4a2f928500000005acf87663581a317e2716f2ae64017424] and
> [4a2f928500000005acf87663581a317e2716f2ae64017424]
> Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
> Jun 10 16:00:55 [25744] DBG:auth:is_nonce_index_valid: nonce already used
> Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index not valid
>
> With this, calls fail as I am checking authorization at INVITE. Register
> works without any problem.
>
> Any hint on this?

It means that, even if the digest response is valid, it's has been already 
used (most probably by the same UA). This is configurable in OpenSIPS: you can 
set OpenSIPS to allow multiple usage of same digest response or not.

Usually, a SIP device sends a request, receives a challenge, generates the 
digest response and resends the same requests with credentials.
The next time the device sends a request, it directly adds the previous 
credentials. The server can accept it (since it's valid and hasn't yet expires 
in the server) or can refuse it by replying 401/407 with a new digest nonce. 
Then the UA should generate a new request containing credentials according to 
this nonce.

Your UA seems not to do it. Which phone are you using?




-- 
Iñaki Baz Castillo <ibc at aliax.net>

More information about the Users mailing list