Hi Andreas, short question: Why don't you use a shared secret to create a nonce value?
http://kamailio.org/docs/modules/devel/modules/auth.html#auth.secret Something like: # ----------------- Settings for Auth-DB --------------- modparam("auth", "secret", "sipwise-is-great") If you set a common secret on all servers, all servers can validate the nonce-value (works at least with 1.5 and 3.2). Carsten 2012/11/19 Andreas Granig <agra...@sipwise.com>: > Hi David, > > On 11/19/2012 02:54 PM, David J wrote: >> Is the database shared? If so maybe when they authenticate add a secure >> token to the header that the second proxy can use for auth? > > No, the DBs are explicitely NOT shared in this scenario. > >> Just a suggestion not sure if its the answer your looking for or perhaps >> I didn't understand the scenario well enough. > > Let me try to put the scenario in different words: > > If a request from a subscriber hits a server, and it doesn't contain an > Authorization header, then the server would just challenge the request. > This doesn't require any subscriber information on this server, so it > shouldn't matter whether this subscriber exists on this server or not. > > When the request comes in again, this time with an Authorization header, > the server can use the username and realm of this header to check > whether the subscriber is local or not. If it's local, it would just try > to authenticate it as usual, and if it's not, it can look up the correct > server using this auth username/realm and forward the request to the > responsible server. > > Now this second server would receive a request, which already contains > an authorization header, but it won't be able to authenticate it if the > nonce is not in sync between server1 and server2. > > So this leads to the question whether it's possible to sync the nonces > in a way that server1 challenges a request, and a different server would > be able to authenticate the subsequent request holding the > challenge-response. > > Andreas > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > -- Carsten Bock CEO (Geschäftsführer) ng-voice GmbH Schomburgstr. 80 D-22767 Hamburg / Germany http://www.ng-voice.com mailto:cars...@ng-voice.com Office +49 40 34927219 Fax +49 40 34927220 Sitz der Gesellschaft: Hamburg Registergericht: Amtsgericht Hamburg, HRB 120189 Geschäftsführer: Carsten Bock Ust-ID: DE279344284 Hier finden Sie unsere handelsrechtlichen Pflichtangaben: http://www.ng-voice.com/imprint/ _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
