[jitsi-dev] Issue 232 - password prompts: password periodically forgotten when HA1b used


#1

Hello,

I've been trying to reproduce the password prompt bug specified in issue
232[1].
I've called multiple times from 1 SIP account on ws.sip5060.net to another
on the same server. This did not make a password prompt appear. Ingo
suggested toggling the wifi connection and suspending the desktop. This did
not make a password prompt appear either (although suspending made Jitsi
crash). I have no idea what the reporter means by 'HA1b' nor how to
enable it.

Does anyone have more (detailed) information on how to reproduce the issue?

Regards,

Nik

[1] = https://github.com/jitsi/jitsi/issues/232


#2

Hello,

I've been trying to reproduce the password prompt bug specified in issue
232[1].
I've called multiple times from 1 SIP account on ws.sip5060.net
to another on the same server. This did not make
a password prompt appear. Ingo suggested toggling the wifi connection
and suspending the desktop. This did not make a password prompt appear
either (although suspending made Jitsi crash). I have no idea what the
reporter means by 'HA1b' nor how to enable it.

HA1 and HA1b are explained in this page:

http://rtcquickstart.org/guide/multi/user-authentication-credentials.html#idp65188768

Does anyone have more (detailed) information on how to reproduce the issue?

Please tell me which Jitsi version you have.

I made a test now with version 2.9.5478 (maybe a bit old, but that is
the same machine where I have seen the problem regularly, so I won't
change it right now).

Testing with my rtc.debian.org account, I observe the following:

- initially, all accounts are disabled in the Options dialog

- view the account properties, notice on the "Connection" tab the
"Authorization name" is blank (it had been set previously)

- enable the account in the Options dialog

- password prompt appears, "identifier" field is only showing username
(pocock), I change it to "pocock@debian.org" and type the password

- now I click to remember it

- it connects and I can make a call

- I disable the account again

- then I try to enable it again, it prompts for the password again, the
"identifier" field just has "pocock" again, it should have remembered
that I typed "pocock@debian.org", it should have saved it in the
"Authorization name" field

That is one permutation of the problem.

Another thing I notice is that if I edit the account properties and put
an "Authorization name" in there, looking at any other SIP account
properties, they have all taken the value that I typed in the first
account. This value should definitely not be shared between accounts.
This appears to be another bug, but it could be related to the prompting
problem.

There is another password prompting problem as well: I have another SIP
proxy that is connected to an Asterisk PBX like this:

Jitsi
   >
   > (SIP over TLS)
   >
repro SIP proxy
   >
   > (SIP over TCP)
   >
Asterisk PBX

It is not using HA1b, only normal HA1. In this environment, I enable
the account in Jitsi's options window and it prompts for the password.
I enter the password and click "Remember password". Each time I try to
make a call, a popup appears asking me for the password again, even
though I had clicked "Remember password".

Looking at the SIP logs, I notice that the SIP proxy does a
"Proxy-Authenticate" challenge and Jitsi responds to that correctly.
The proxy relays the INVITE to Asterisk and Asterisk replies with a
"WWW-Authenticate" challenge. Both challenges have the same "realm"
value but different nonces. The SIP logs show that Jitsi doesn't make
any attempt to respond to the "WWW-Authenticate" challenge using the
password it already has; it immediately prompts the user.

I can probably create an account for you on this test environment too.

Regards,

Daniel

On 07/06/16 22:21, Nik V wrote:
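
Added example, not part of either message in this thread and not Jitsi's code: a sketch of how a SIP client holding one remembered credential per realm can answer both the proxy's "Proxy-Authenticate" and the PBX's "WWW-Authenticate" challenge without prompting, and why the authorization name has to be stored with the credential. The `CredentialCache` class, the account values and the nonces are constructed for illustration; challenges are assumed to carry no `qop`.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(auth_name, realm, password):
    # HA1:  auth_name is the bare user name, e.g. "alice".
    # HA1b: same formula, but auth_name is "user@domain", e.g. "alice@example.org".
    return md5_hex(f"{auth_name}:{realm}:{password}")

def parse_challenge(header_line):
    """Split 'WWW-Authenticate: Digest k="v", ...' into (header name, params)."""
    name, value = header_line.split(":", 1)
    return name.strip().lower(), dict(re.findall(r'(\w+)="?([^",]+)"?', value))

class CredentialCache:
    """Hypothetical client-side store: realm -> (authorization name, HA1 hex)."""
    def __init__(self):
        self._by_realm = {}

    def remember(self, realm, auth_name, password):
        # The authorization name is an input to HA1, so it is saved with the hash.
        # The stored hash is password-equivalent for this realm: protect it as such.
        self._by_realm[realm] = (auth_name, ha1(auth_name, realm, password))

    def answer(self, header_line, method, uri):
        """Return the reply header, or None when the user really must be prompted."""
        name, p = parse_challenge(header_line)
        cred = self._by_realm.get(p["realm"])
        if cred is None:
            return None
        auth_name, ha1_hex = cred
        ha2 = md5_hex(f"{method}:{uri}")
        # Digest without qop: response = MD5(HA1:nonce:HA2)
        response = md5_hex(f"{ha1_hex}:{p['nonce']}:{ha2}")
        reply = "Proxy-Authorization" if name == "proxy-authenticate" else "Authorization"
        return (f'{reply}: Digest username="{auth_name}", realm="{p["realm"]}", '
                f'nonce="{p["nonce"]}", uri="{uri}", response="{response}"')

# Constructed challenges: same realm, different nonces, as in the setup described above.
PROXY_407 = 'Proxy-Authenticate: Digest realm="example.org", nonce="constructed-nonce-proxy"'
PBX_401 = 'WWW-Authenticate: Digest realm="example.org", nonce="constructed-nonce-pbx"'

if __name__ == "__main__":
    cache = CredentialCache()
    cache.remember("example.org", "alice@example.org", "constructed-password")
    for challenge in (PROXY_407, PBX_401):
        print(cache.answer(challenge, "INVITE", "sip:bob@example.org"))
```
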