(RADIATOR) draft-sterman-aaa-sip

Mike McCauley mikem at open.com.au
Mon Feb 5 04:59:26 CST 2007 

Hello Pavel,

thanks for the suggestion.
We have applied the patch as you suggest.
The new patch set is now available.

Cheers.

On Monday 05 February 2007 19:40, Pavel A Crasotin wrote:
> Hello, Hugh.
>
> I'm trying authenticate Asterisk as a SIP UA on SIP proxy using RADIATOR.
> SIP proxy we use is SIPHIT module for MVTS.
> The digest authentication in SIPHIT is based on the draft-sterman-aaa-sip
> only. SIPHIT does not support RFC4590 at this moment.
>
> So I faced 2 problems causing authentication failure
> First, the Digest-Response attribute in mentioned draft uses code 206
> instead 103 as in RFC4590.
> This problem can be solved by editing dictionary file.
>
> Second, there is no QOP attribute in authentication request sent by
> SIPHIT. And there is no qop-value in request sent by Asterisk.
> draft-sterman-aaa-sip does not state what should be in it, as I can
> see. But RADIATOR expects it to calculate ha1 and ha2.
>
> As workaround I've patched AuthGeneric.pm:
> @@ -752,6 +752,7 @@
>             $eb_hash     = $p->get_attr('Digest-Entity-Body-Hash');
>             $algorithm   = $p->get_attr('Digest-Algorithm');
>         }
> +       $qop = 'MD5' unless defined $qop;
>         $algorithm = 'MD5' unless defined $algorithm;
>         $method = 'INVITE'unless defined $method;
>         $submitted_pw = 'UNKNOWN-SIP-DIGEST';
>
> This is "quick and dirty" patch. I think we should check the code of
> Digest-Response attribute:
>   if(code_of_attr('Digest-Response') == 206) {
>       $qop = 'MD5' unless defined $qop;
>   }
>
> What do you think about it?
>
>
> Thanks in advance.
> --
> With respect,
> Pavel A Crasotin
> OJSC SeverTransCom
> Tel: +7 (4852) 58-41-03, 58-01-01
> Fax: +7 (4852) 58-01-01
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list