<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>11 feb 2013 kl. 22:08 skrev "Mark Michelson" <<a href="mailto:reviewboard@asterisk.org">reviewboard@asterisk.org</a>>:</div><br class="Apple-interchange-newline"><blockquote type="cite"><pre style="font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); margin: 0px; padding: 0px; white-space: pre-wrap; word-wrap: break-word; ">This means that Asterisk may send multiple WWW-Authenticate headers out in an authentication challenge and can cope with multiple Authorization headers in requests.</pre></blockquote></div>Hi!<div>A small clarification:</div><div><br><div>An endpoint that wants to authenticate a request should only send ONE www-authenticate in one response.</div><div><br></div><div>It can receive multiple proxy-authenticate and ONE www-authenticate in a response, and thus needs to send multiple proxyauth and one www auth in a request.</div><div><br></div><div>Now, if we have multiple auth methods as a server, like md5 and SHA256 I don't know what to do really... This needs to be investigated.</div><div><br></div><div>Cheers</div><div>/O</div></div></body></html>