[asterisk-dev] REGISTER uses 401 not 407?
Mikael Magnusson
mikma264 at gmail.com
Sun Oct 8 04:03:07 MST 2006
Roy Sigurd Karlsbakk wrote:
>>>> According to the Audiocodes engineer:
>>>>
>>>>> Unfortunately we're receiving back a 401 UNAUTHORIZED ... which is a
>>>>> final response (4xx) <snip/>
>>>
>>> From RFC3261 8.1.3.5:
>>>
>>>> If a 401 (Unauthorized) or 407 (Proxy Authentication Required)
>>>> response is received, the UAC SHOULD follow the authorization
>>>> procedures of Section 22.2 and Section 22.3 to retry the request with
>>>> credentials.
>>
>>
>> And from RFC 3261 22.1:
>>
>> A UAC MUST NOT re-attempt requests with the credentials
>> that have just been rejected (though the request may be retried if
>> the nonce was stale).
>
>
> But as stated just above that text, that is in the case of a 403:
>
>> ...In this instance a server may repeat its challenge, or it may
>> respond with a 403 Forbidden. A UAC MUST NOT re-attempt requests
>> with the credentials that have just been rejected (though the request
>> may be retried if the nonce was stale).
>
>
> A 401/407 is merely an answer meaning "hey! I need to see your creds!"
>
Correct, but you could end up in an endless loop of REGISTER and
401/407 responses if you re-attempt the REGISTER request with the
credentials that have just been rejected, since the UAS can choose
between responding with 403 or repeating the challenge in a new 401/407
response according to the section you quoted above.
Mikael
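
The retry rule discussed in this thread, as an added example that is not part of the original message or of Asterisk's code: a UAC-side decision function that answers a first 401/407 with credentials, retries rejected credentials only when the Digest challenge carries `stale=true`, and otherwise stops, so a repeated challenge cannot become a REGISTER loop. The function names, the returned action strings and the `max_attempts` cap are assumptions made for illustration, and the challenge strings in the test data are constructed.

```python
import re

# key=value pairs of a Digest challenge; values may be quoted or bare tokens.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')


def parse_digest_challenge(value):
    """Parse a WWW-Authenticate / Proxy-Authenticate Digest header value."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    return {k.lower(): (q if q else u) for k, q, u in _PARAM.findall(rest)}


def next_action(status, challenge, creds_sent, attempts, max_attempts=3):
    """Decide how a UAC reacts to a final response to REGISTER.

    status      -- SIP status code of the response
    challenge   -- Digest challenge header value (None if absent)
    creds_sent  -- True if the rejected request already carried credentials
    attempts    -- number of REGISTER requests sent so far in this cycle
    max_attempts is an assumed safety cap, not a value from RFC 3261.
    """
    if status == 403:
        return "give_up"                      # server refused outright
    if status not in (401, 407):
        return "not_auth_related"
    if attempts >= max_attempts:
        return "give_up"                      # hard stop against loops
    params = parse_digest_challenge(challenge)
    if not creds_sent:
        return "retry_with_credentials"       # plain "show me your creds"
    if params.get("stale", "false").lower() == "true":
        # Credentials were fine, only the nonce expired: recompute the
        # response with the new nonce and retry once more.
        return "retry_same_credentials_new_nonce"
    # Same credentials were just rejected and the nonce was not stale:
    # re-sending them would only trigger another 401/407.
    return "give_up"
```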