Discussion:
[jitsi-users] SIP password forgotten, SIP logout
Daniel Pocock
2014-07-23 14:35:44 UTC
Permalink
I've noticed that Jitsi keeps forgetting the SIP password for one of my
SIP accounts, it logs out of the account and I regularly have to go back
in to the status menu and put the account "online" again.

The password popup appears, I insert the password and click the checkbox
to remember it, but it always seems to forget it (or discard it) after I
make a call and I have to go through the same routine again.

The SIP service in question is a repro SIP proxy in front of an Asterisk
server.

Sometimes it is registered with the proxy but when I make a call I am
greeted with the password prompt again. At this point, I notice it is
handling a challenge from the Asterisk server.

SIP/2.0 401 Unauthorized
...
WWW-Authenticate: Digest algorithm=MD5, realm="example.org",
nonce="4baa653b"

The SIP registrations are kept in the proxy.

There are 2 other devices (one Lumicall and one Polycom) registering as
the same user ID. Lumicall sends instance ID, etc, the Polycom device
does not. Neither of them have this problem.

Does Jitsi have any known problems with scenarios like this where it has
to use the same credential for both the proxy (407 challenge) and the
PBX (401 challenge) or where REGISTER encounters other registrations on
the same user ID?
Ingo Bauersachs
2014-07-23 15:11:08 UTC
Permalink
We have seen this a couple of times before. As far as I could tell during my analysis, Asterisk messes the authentication challenges/replies up.

I dont't know though why only Jitsi seem to show up with this issue. Do you know if the other clients ask the user for the password if they receive an unauthorized reply or do they just go on and retry silently with the same saved password?

Freundliche GrĂ¼sse,
Ingo Bauersachs

-- sent from my mobile
Post by Daniel Pocock
I've noticed that Jitsi keeps forgetting the SIP password for one of my
SIP accounts, it logs out of the account and I regularly have to go back
in to the status menu and put the account "online" again.
The password popup appears, I insert the password and click the checkbox
to remember it, but it always seems to forget it (or discard it) after I
make a call and I have to go through the same routine again.
The SIP service in question is a repro SIP proxy in front of an Asterisk
server.
Sometimes it is registered with the proxy but when I make a call I am
greeted with the password prompt again. At this point, I notice it is
handling a challenge from the Asterisk server.
SIP/2.0 401 Unauthorized
...
WWW-Authenticate: Digest algorithm=MD5, realm="example.org",
nonce="4baa653b"
The SIP registrations are kept in the proxy.
There are 2 other devices (one Lumicall and one Polycom) registering as
the same user ID. Lumicall sends instance ID, etc, the Polycom device
does not. Neither of them have this problem.
Does Jitsi have any known problems with scenarios like this where it has
to use the same credential for both the proxy (407 challenge) and the
PBX (401 challenge) or where REGISTER encounters other registrations on
the same user ID?
_______________________________________________
users mailing list
http://lists.jitsi.org/mailman/listinfo/users
Emil Ivov
2014-07-23 15:12:00 UTC
Permalink
We don't really support multiple authentications on the same connection.
I haven't actually seen that deployed in production services.

I assume that other phones may simply ignore the fact that the second
challenge is coming from someone else.

Emil
Post by Daniel Pocock
I've noticed that Jitsi keeps forgetting the SIP password for one of my
SIP accounts, it logs out of the account and I regularly have to go back
in to the status menu and put the account "online" again.
The password popup appears, I insert the password and click the checkbox
to remember it, but it always seems to forget it (or discard it) after I
make a call and I have to go through the same routine again.
The SIP service in question is a repro SIP proxy in front of an Asterisk
server.
Sometimes it is registered with the proxy but when I make a call I am
greeted with the password prompt again. At this point, I notice it is
handling a challenge from the Asterisk server.
SIP/2.0 401 Unauthorized
...
WWW-Authenticate: Digest algorithm=MD5, realm="example.org",
nonce="4baa653b"
The SIP registrations are kept in the proxy.
There are 2 other devices (one Lumicall and one Polycom) registering as
the same user ID. Lumicall sends instance ID, etc, the Polycom device
does not. Neither of them have this problem.
Does Jitsi have any known problems with scenarios like this where it has
to use the same credential for both the proxy (407 challenge) and the
PBX (401 challenge) or where REGISTER encounters other registrations on
the same user ID?
_______________________________________________
users mailing list
http://lists.jitsi.org/mailman/listinfo/users
--
https://jitsi.org
Daniel Pocock
2014-07-23 15:47:48 UTC
Permalink
Post by Ingo Bauersachs
We have seen this a couple of times before. As far as I could tell during my analysis, Asterisk messes the authentication challenges/replies up.
I dont't know though why only Jitsi seem to show up with this issue. Do you know if the other clients ask the user for the password if they receive an unauthorized reply or do they just go on and retry silently with the same saved password?
The other clients answer each challenge with the password that they
know, e.g.


client sends INVITE
proxy challenges 407 and Proxy-Authenticate header
client sends INVITE with Proxy-Authorization header
PBX challenges 401 and WWW-Authenticate
clients sends INVITE with both Proxy-Authorization and Authorization headers
proxy validates Proxy-Authorization header again, strips it from the
message, sends to the PBX with just Authorization header
PBX responds 180, 200, ...

Loading...