[OpenSIPS-Users] Nonce expire
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Sat Apr 3 08:38:29 CEST 2010
Hi Daniel,
it it because the nonce reusage - opensips (by default) uses a nonce for
a single authentication, after that it reports it as stale.
If you want to disable this behaviour (to enable nonce reusage), see the
auth param "disable_nonce_check" :
http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id228317
Regards,
Bogdan
Daniel Goepp wrote:
> Ah...I see what that retcode is anyway, 2^32 = 4294967296, so those
> are really just -4 first, no credentials, then -3 stale nonce
>
> -dg
>
>
> On Fri, Apr 2, 2010 at 1:50 PM, Daniel Goepp <dan at goepp.net
> <mailto:dan at goepp.net>> wrote:
> >
> > A quick follow up on this, I enabled some logging, but the retcode
> is not making any sense to me (probably because I'm using it wrong).
> >
> > From my config:
> >
> > xlog ("REGISTER $fu");
> > # authenticate the REGISTER requests (uncomment to
> enable auth)
> > if (!www_authorize("", "subscriber"))
> > {
> > xlog ("Not authorized - challenging, error:
> $retcode");
> > www_challenge("", "1");
> > exit;
> > }
> >
> > Then in the log:
> >
> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not
> authorized - challenging, error: 4294967293
> > Apr 2 13:49:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:49:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30182]: Not
> authorized - challenging, error: 4294967292
> > Apr 2 13:50:18 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:50:38 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30180]: Not
> authorized - challenging, error: 4294967292
> > Apr 2 13:50:58 ip-10-160-23-47 /usr/local/sbin/opensips[30182]:
> REGISTER sip:1001 at vidtel.com <mailto:sip%3A1001 at vidtel.com>
> >
> > Also I'm running 1.6.2-tls compiled today from latest 1_6 branch in SVN.
> >
> > -dg
> >
> >
> > On Fri, Apr 2, 2010 at 1:40 PM, Daniel Goepp <dan at goepp.net
> <mailto:dan at goepp.net>> wrote:
> >>
> >> I'm having some trouble with nonce expiring I believe. The problem
> is that every other one of my endpoint registrations is doing an auth
> challenge w/401.
> >>
> >> From my config:
> >> modparam("registrar", "default_expires", 60)
> >> modparam("registrar", "min_expires", 60)
> >> modparam("registrar", "max_expires", 60
> >>
> >> modparam("auth", "nonce_expire", 3600)
> >>
> >> From this I would expect the devices to try to register every 60
> seconds, and get challenged every hour with a new nonce.
> >>
> >> Comments on why OpenSIPS is challenging every other registration?
> >>
> >> Thanks
> >>
> >> -dg
> >
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
--
Bogdan-Andrei Iancu
www.voice-system.ro
More information about the Users
mailing list