[jitsi-dev] [jitsi] password prompts: password periodically forgotten when HA1b used (#232)

When using HA1b, Jitsi prompts for the password and registers or makes a call successfully but sooner or later the password prompt appears again, usually at every new attempt to make a call.

Are you referring to e.g. http://lists.opensips.org/pipermail/users/2009-July/006872.html for the definition of HA1b?
Against which server?

I'm not sure if this issue is entirely based on HA1b support as I see other bug reports about password prompts appearing when they shouldn't. Maybe they are related.

Making HA1b support more convenient (trying both HA1 and HA1b permutations during account creation) would be a separate feature request.

From http://lists.jitsi.org/pipermail/dev/2016-June/028739.html

I've been trying to reproduce the password prompt bug specified in issue
232[1].
I've called multiple times from 1 sip account on ws.sip5060.net
<http://ws.sip5060.net> to another on the same server. This did not made
a password prompt appear. Ingo suggested toggling the wifi connection
and suspending the desktop. This did not made a password prompt appear
either (although suspending made jitsi crash). I have no idea what the
reporter means with ' HA1b' nor how to enable it.

HA1 and HA1b are explained in this page:

http://rtcquickstart.org/guide/multi/user-authentication-credentials.html#idp65188768

Does anyone have more (detailed) information on how to reproduce the issue?

Please tell me which Jitsi version you have.

I made a test now with version 2.9.5478 (maybe a bit old, but that is the same machine where I have seen the problem regularly, so I won't change it right now)

Testing with my rtc.debian.org account, I observe the following:
- initially, all accounts are disabled in the Options dialog
- view the account properties, notice on the "Connection" tab the
"Authorization name" is blank (it had been set previously)
- enable the account in the Options dialog
- password prompt appears, "identifier" field is only showing username (pocock), I change it to "pocock@debian.org" and type the password
- now I click to remember it
- it connects and I can make a call
- I disable the account again
- then I try to enable it again, it prompts for the password again, the "identifier" field just has "pocock" again, it should have remembered that I typed "pocock@debian.org", it should have saved it in the "Authorization name" field

That is one permutation of the problem

Another thing I notice is that if I edit the account properties and put an "Authorization name" in there, looking at any other SIP account properties, they have all taken the value that I typed in the first account. This value should definitely not be shared between accounts. This appears to be another bug, but it could be related to the prompting problem.

There is another password prompting problem as well: I have another SIP proxy that is connected to an Asterisk PBX like this:

Jitsi
   >
   > (SIP over TLS)
   >
repro SIP proxy
   >
   > (SIP over TCP)
   >
Asterisk PBX

It is not using HA1b, only normal HA1. In this environment, I enable the account in Jitsi's options window and it prompts for the password. I enter the password and click "Remember password". Each time I try to make a call, a popup appears asking me for the password again, even though I had clicked "Remember password".

Looking at the SIP logs, I notice that the SIP proxy does a "Proxy-Authenticate" challenge and Jitsi responds to that correctly. The proxy relays the INVITE to Asterisk and Asterisk replies with a "WWW-Authenticate" challenge. Both challenges have the same "realm" value but different nonces. The SIP logs show that Jitsi doesn't make any attempt to respond to the "WWW-Authenticate" challenge using the password it already has, it immediately prompts the user.