AudioCodes Mediant 1000B User Manual page 980

Parameter
Web: Authentication Challenge
Method
CLI: auth-chlng-mthd
[AuthChallengeMethod]
Web: Authentication Quality of
Protection
CLI: auth-qop
[AuthQOP]
Web: SBC User Registration Time
CLI: sbc-usr-rgstr-time
[SBCUserRegistrationTime]
CLI: config-voip>sbc general-
setting sbc-rand-expire
[SBCRandomizeExpires]
User's Manual
Defines the type of server-based authentication challenge.

[0] 0 = (Default) Send SIP 401 "Unauthorized" with a WWW-
Authenticate header as the authentication challenge
response.

[1] 1 = Send SIP 407 "Proxy Authentication Required" with a
Proxy-Authenticate header as the authentication challenge
response.
Defines the authentication and integrity level of quality of
protection (QoP) for digest authentication offered to the client.
When the device challenges a SIP request (e.g., INVITE), it
sends a SIP 401 response with the Proxy-Authenticate header
or WWW-Authenticate header containing the 'qop' parameter.
The QoP offered in the 401 response can be 'auth', 'auth-int',
both 'auth' and 'auth-int', or the 'qop' parameter can be omitted
from the 401 response. In response to the 401, the client needs
to send the device another INVITE with the MD5 hash of the
INVITE message and indicate the selected auth type.

[0] 0 = The device sends 'qop=auth' in the SIP response,
requesting authentication (i.e., validates user by checking
user name and password). This option does not authenticate
the message body (i.e., SDP).

[1] 1 = The device sends 'qop=auth-int' in the SIP response,
indicating required authentication and authentication with
integrity (e.g., checksum). This option restricts the client to
authenticating the entire SIP message, including the body, if
present.

[2] 2 = (Default) The device sends 'qop=auth, auth-int' in the
SIP response, indicating either authentication or integrity.
This enables the client to choose 'auth' or 'auth-int'. If the
client chooses 'auth-int', then the body is included in the
authentication. If the client chooses 'auth', then the body is
not authenticated.

[3] 3 = No 'qop' parameter is offered in the SIP 401
challenge message.
Global parameter that defines the duration (in seconds) of the
periodic registrations that occur between the user and the
device (the device responds with this value to the user). You
can also configure this functionality per specific calls, using IP
Profiles (IpProfile_SBCUserRegistrationTime). For a detailed
description of this parameter and for configuring this
functionality in the IP Profile table, see ''Configuring IP Profiles''
on page 302.
Note: If this functionality is configured for a specific IP Profile,
the settings of this global parameter is ignored for calls
associated with the IP Profile.
Defines a value (in seconds) that is used to calculate a new
value for the expiry time in the Expires header of SIP 200 OK
responses for user registration and subscription requests from
users.
The expiry time value appears in the Expires header in
REGISTER and SUBSCRIBE SIP messages. When the device
receives such a request from a user, it forwards it to the proxy
or registrar server. Upon a successful registration or
subscription, the server sends a SIP 200 OK response. If the
980
Mediant 1000B Gateway & SBC
Description
Document #: LTRT-27034