[asterisk-dev] REGISTER uses 401 not 407?
Roy Sigurd Karlsbakk
roy at karlsbakk.net
Sun Oct 8 03:16:42 MST 2006
>>> According to the Audiocodes engineer:
>>>
>>>> Unfortunately we're receiving back a 401 UNAUTHORIZED ... which
>>>> is a
>>>> final response (4xx) <snip/>
>> From RFC3261 8.1.3.5:
>>> If a 401 (Unauthorized) or 407 (Proxy Authentication Required)
>>> response is received, the UAC SHOULD follow the authorization
>>> procedures of Section 22.2 and Section 22.3 to retry the request
>>> with
>>> credentials.
>
> And from RFC 3261 22.1:
>
> A UAC MUST NOT re-attempt requests with the credentials
> that have just been rejected (though the request may be retried if
> the nonce was stale).
But as stated just above that text, that is in the case of a 403:
> ...In this instance a server may repeat its challenge, or it may
> respond with a 403 Forbidden. A UAC MUST NOT re-attempt requests
> with the credentials that have just been rejected (though the
> request may be retried if the nonce was stale).
A 401/407 is merely an answer meaning "hey! I need to see your creds!"
Read the RFC a little more thoroughly, please :)
roy
---
"Humans mostly aren't particularly evil. They just get carried away
by new ideas, like dressing up in jackboots and shooting people, or
dressing up in white sheets and lynching people, or dressing up in
tie-dye jeans and playing guitars at people"
- Terry Pratchett
-------------------------------
Roy Sigurd Karlsbakk
roy at karlsbakk.net
More information about the asterisk-dev
mailing list