[asterisk-dev] REGISTER uses 401 not 407?

Roy Sigurd Karlsbakk roy at karlsbakk.net
Sun Oct 8 10:34:49 MST 2006


>>>>  From RFC3261 8.1.3.5:
>>>>
>>>>> If a 401 (Unauthorized) or 407 (Proxy Authentication Required)
>>>>> response is received, the UAC SHOULD follow the authorization
>>>>> procedures of Section 22.2 and Section 22.3 to retry the  
>>>>> request  with
>>>>> credentials.
>>>
>>>
>>> And from RFC 3261 22.1:
>>>
>>>    A UAC MUST NOT re-attempt requests with the credentials
>>>    that have just been rejected (though the request may be  
>>> retried if
>>>    the nonce was stale).
>> But as stated just above that text, that is in the case of a 403:
>>> ...In this instance a server may repeat its challenge, or it may   
>>> respond with a 403 Forbidden.  A UAC MUST NOT re-attempt  
>>> requests  with the credentials that have just been rejected  
>>> (though the  request may be retried if the nonce was stale).
>> A 401/407 is merely an answer meaning "hey! I need to see your  
>> creds!"
>
> Correct, but you could end up in and endless loop of REGISTER and  
> 401/407 responses if you re-attempt the REGISTER request with the  
> credentials that have just been rejected. Since the UAS can choose  
> between responding with 403 or repeat the challenge in a new  
> 401/407 response according to the section you quoted above.

A 403 should not initiate a new attempt, but a 40[17] should. Could  
it be a wrong password causing this? Or perhaps a wrong nonce?Have  
you tried a different client to see if it's client dependent? If you  
still, after going through these tests, beleive it's a bug, please  
file it on bugs.digium.com

roy
---
"Humans mostly aren't particularly evil. They just get carried away  
by new ideas, like dressing up in jackboots and shooting people, or  
dressing up in white sheets and lynching people, or dressing up in  
tie-dye jeans and playing guitars at people"
  - Terry Pratchett
-------------------------------
Roy Sigurd Karlsbakk
roy at karlsbakk.net





More information about the asterisk-dev mailing list