Discussion:
[Asterisk-Users] Always get 401 Unauthorized..that normal?
Matthew Boehm
2004-10-15 14:22:59 UTC
Permalink
I always get a 401 Unauthorized result before the registration succeedes on
these SIP phones. Is that normal? A REGISTER packet is sent, then a 100
Trying, then a 401 Unauthorized, then another REGISTER and another Trying,
then OK.

Is it normal to always get that 401? Why would registration be unauthorized
then suddenly work? Or is this some algorithm that SIP uses to try different
auth schemes?

The phones are Cisco 7960 btw..

Thanks,
Matthew
Andreas Sikkema
2004-10-15 14:34:08 UTC
Permalink
Post by Matthew Boehm
Is it normal to always get that 401? Why would registration be
unauthorized then suddenly work? Or is this some algorithm that SIP
uses to try different auth schemes?
Im see this too. I think the RFC says the UA shoudl try first
without password, then with password.
--
Andreas Sikkema Rits tele.com
Scheepmakersstraat 11 3011 VH Rotterdam
t: +31 (0)10 2245544 f: +31 (0)10 2245540
Kevin P. Fleming
2004-10-15 14:36:35 UTC
Permalink
Post by Matthew Boehm
I always get a 401 Unauthorized result before the registration succeedes on
these SIP phones. Is that normal? A REGISTER packet is sent, then a 100
Trying, then a 401 Unauthorized, then another REGISTER and another Trying,
then OK.
I believe this is normal; most of the phones I've tested with initially
attempt to register without specifying any authentication method.
Asterisk then declines their registration, and they retry with
authentication, which (presumably) succeeds.
Alex Barnes
2004-10-15 14:44:37 UTC
Permalink
Yeah that is totally normal.

To help prevent replay attacks the SIP device (Asterisk in this case)
includes a authentication header in the "Authentication Required"
response. This includes (among many other things) a random string that
the initiator of the request (your phone) must include when creating the
hash of its password.

Hash sent = md5(password+random string)

In short don't worry that's what is supposed to happen :-P

Cheers

alex

-----Original Message-----
From: Matthew Boehm [mailto:***@cytelcom.com]
Sent: 15 October 2004 15:23
To: asterisk-***@lists.digium.com
Subject: [Asterisk-Users] Always get 401 Unauthorized..that normal?


I always get a 401 Unauthorized result before the registration succeedes
on these SIP phones. Is that normal? A REGISTER packet is sent, then a
100 Trying, then a 401 Unauthorized, then another REGISTER and another
Trying, then OK.

Is it normal to always get that 401? Why would registration be
unauthorized then suddenly work? Or is this some algorithm that SIP uses
to try different auth schemes?

The phones are Cisco 7960 btw..

Thanks,
Matthew


Dear Friends of Ubiquity Software:

As you may have noticed, Ubiquity Software began using the web domain ubiquity.com earlier this year in addition to the previously established ubiquity.net for our website and email communications to you. However, since that time, a dispute has emerged with respect to actual ownership of the ubiquity.com domain.

As an international software company founded over decade ago, you can always reach Ubiquity Software under the website www.ubiquity.net <http://www.ubiquity.net/> and via email at @ubiquity.net. However, we have also chosen to expand our domain to the more specific www.ubiquitysoftware.com <http://www.ubiquitysoftware.com/> for web and @ubiquitysoftware.com for email communications.

Please use either the historical ubiquity.net or begin to use the new ubiquitysoftware.com domain for all email communications to Ubiquity employees from now on.

Thank you.

Regards,

Ubiquity Software
www.ubiquitysoftware.com <http://www.ubiquitysoftware.com/>
***@ubiquitysoftware.com

Continue reading on narkive:
Loading...