[OpenSIPS-Users] Nonce expire

Bogdan-Andrei Iancu bogdan at voice-system.ro
Sat Apr 3 08:38:29 CEST 2010


Hi Daniel,

it it because the nonce reusage - opensips (by default) uses a nonce for 
a single authentication, after that it reports it as stale.
If you want to disable this behaviour (to enable nonce reusage), see the 
auth param "disable_nonce_check" :
    http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id228317

Regards,
Bogdan

Daniel Goepp wrote:
> Ah...I see what that retcode is anyway, 2^32 = 4294967296, so those 
> are really just -4 first, no credentials, then -3 stale nonce
>
> -dg
>
>
> On Fri, Apr 2, 2010 at 1:50 PM, Daniel Goepp <dan at goepp.net 
> <mailto:dan at goepp.net>> wrote:
> >
> > A quick follow up on this, I enabled some logging, but the retcode 
> is not making any sense to me (probably because I'm using it wrong). 
> >
> > From my config:
> >
> >                 xlog ("REGISTER $fu");
> >                 # authenticate the REGISTER requests (uncomment to 
> enable auth)
> >                 if (!www_authorize("", "subscriber"))
> >                 {
> >                         xlog ("Not authorized - challenging, error: 
> $retcode");
> >                         www_challenge("", "1");
> >                         exit;
> >                 }
> >
> > Then in the log:
> >
> > Apr  2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not 
> authorized - challenging, error: 4294967293
> > Apr  2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:49:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: Not 
> authorized - challenging, error: 4294967292
> > Apr  2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:50:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr  2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not 
> authorized - challenging, error: 4294967292
> > Apr  2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: 
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> >
> > Also I'm running 1.6.2-tls compiled today from latest 1_6 branch in SVN.
> >
> > -dg
> >
> >
> > On Fri, Apr 2, 2010 at 1:40 PM, Daniel Goepp <dan at goepp.net 
> <mailto:dan at goepp.net>> wrote:
> >>
> >> I'm having some trouble with nonce expiring I believe.  The problem 
> is that every other one of my endpoint registrations is doing an auth 
> challenge w/401.
> >>
> >> From my config:
> >> modparam("registrar", "default_expires", 60)
> >> modparam("registrar", "min_expires", 60)
> >> modparam("registrar", "max_expires", 60
> >>
> >> modparam("auth", "nonce_expire", 3600)
> >>
> >> From this I would expect the devices to try to register every 60 
> seconds, and get challenged every hour with a new nonce.
> >>
> >> Comments on why OpenSIPS is challenging every other registration?
> >>
> >> Thanks
> >>
> >> -dg
> >
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   


-- 
Bogdan-Andrei Iancu
www.voice-system.ro




More information about the Users mailing list