(RADIATOR) draft-sterman-aaa-sip
Pavel A Crasotin
pavel at ctk.ru
Mon Feb 5 03:40:10 CST 2007
Hello, Hugh.
I'm trying authenticate Asterisk as a SIP UA on SIP proxy using RADIATOR.
SIP proxy we use is SIPHIT module for MVTS.
The digest authentication in SIPHIT is based on the draft-sterman-aaa-sip
only. SIPHIT does not support RFC4590 at this moment.
So I faced 2 problems causing authentication failure
First, the Digest-Response attribute in mentioned draft uses code 206
instead 103 as in RFC4590.
This problem can be solved by editing dictionary file.
Second, there is no QOP attribute in authentication request sent by
SIPHIT. And there is no qop-value in request sent by Asterisk.
draft-sterman-aaa-sip does not state what should be in it, as I can
see. But RADIATOR expects it to calculate ha1 and ha2.
As workaround I've patched AuthGeneric.pm:
@@ -752,6 +752,7 @@
$eb_hash = $p->get_attr('Digest-Entity-Body-Hash');
$algorithm = $p->get_attr('Digest-Algorithm');
}
+ $qop = 'MD5' unless defined $qop;
$algorithm = 'MD5' unless defined $algorithm;
$method = 'INVITE'unless defined $method;
$submitted_pw = 'UNKNOWN-SIP-DIGEST';
This is "quick and dirty" patch. I think we should check the code of
Digest-Response attribute:
if(code_of_attr('Digest-Response') == 206) {
$qop = 'MD5' unless defined $qop;
}
What do you think about it?
Thanks in advance.
--
With respect,
Pavel A Crasotin
OJSC SeverTransCom
Tel: +7 (4852) 58-41-03, 58-01-01
Fax: +7 (4852) 58-01-01
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list