[OpenSIPS-Users] Error in auth module
Sergio Gutierrez
saguti at gmail.com
Wed Jun 10 23:15:35 CEST 2009
Hello Iñaki.
Thanks for your answer.
I am facing the problem both with Grandstream HT-487 and with Zoiper
softphone.
Thanks and regards.
Sergio.
On Wed, Jun 10, 2009 at 4:12 PM, Iñaki Baz Castillo <ibc at aliax.net> wrote:
> El Miércoles, 10 de Junio de 2009, Sergio Gutierrez escribió:
> > Hello to all members.
> >
> > I am running OpenSIPS 1.5.1 with MySQL authentication and authorization
> > backend; after some minutes of running, I am getting the following error
> in
> > log:
> >
> > Jun 10 16:00:55 [25744] DBG:auth:reserve_nonce_index: second= 13,
> > sec_monit= 1, index= 5
> > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: nonce index= 5
> > Jun 10 16:00:55 [25744] DBG:auth:build_auth_hf: 'Proxy-Authenticate:
> Digest
> > realm="200.13.225.250",
> > nonce="4a2f928500000005acf87663581a317e2716f2ae64017424"
> > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
> > [4a2f928500000005acf87663581a317e2716f2ae64017424] and
> > [4a2f928500000005acf87663581a317e2716f2ae64017424]
> > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
> > Jun 10 16:00:55 [25744] DBG:auth:check_nonce: comparing
> > [4a2f928500000005acf87663581a317e2716f2ae64017424] and
> > [4a2f928500000005acf87663581a317e2716f2ae64017424]
> > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index= 5
> > Jun 10 16:00:55 [25744] DBG:auth:is_nonce_index_valid: nonce already used
> > Jun 10 16:00:55 [25744] DBG:auth:post_auth: nonce index not valid
> >
> > With this, calls fail as I am checking authorization at INVITE. Register
> > works without any problem.
> >
> > Any hint on this?
>
> It means that, even if the digest response is valid, it's has been already
> used (most probably by the same UA). This is configurable in OpenSIPS: you
> can
> set OpenSIPS to allow multiple usage of same digest response or not.
>
> Usually, a SIP device sends a request, receives a challenge, generates the
> digest response and resends the same requests with credentials.
> The next time the device sends a request, it directly adds the previous
> credentials. The server can accept it (since it's valid and hasn't yet
> expires
> in the server) or can refuse it by replying 401/407 with a new digest
> nonce.
> Then the UA should generate a new request containing credentials according
> to
> this nonce.
>
> Your UA seems not to do it. Which phone are you using?
>
>
>
>
> --
> Iñaki Baz Castillo <ibc at aliax.net>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
--
Sergio Gutiérrez
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20090610/3503cb35/attachment.htm
More information about the Users
mailing list