5.
[ S N O M 4 S N A T F I L T E R ]
correctly.
The web requests that the SBC sends to the application server has the following parameters:
•The parameter “action” is set to “auth”. By looking at this parameter, the application server can easily find out that it should do a pass- word lookup.
•The parameter “from” contains the user/host pain. It has the format user@host, there is no scheme and no parameters included in this parameter.
The authentication cache is written with every web response. The response may contain any number of answered, but must at least contain the requests user/host pair. The answer must be encoded in a comma separated value format with no header line. The CSV response has the following fields:
•The first cell contains the user/host pair in the same format as in the request. The SBC identifies the cache entry by this cell.
•The second cell contains the user name that should be used for the challenging. Typically, this is identical with the user name part of the from cell, but sometimes the challenging should use a different name.
•The third cell contains the realm that should be used for the chal- lenging. Again, this field should typically be identical to the host part of the from header, but in some situations this realm can be differ- ent (for example, when canonical realm names must be used).
•The fourth cell contains the password in clear text.
•The fifth cell contains the expiration of that cache entry in seconds. After this time the SBC will remove the entry from the list and issue another applications server request to refresh the values. A typical value would be one hour (3600 seconds).
The SBC interprets the presence of the parameters in the follow- ing way:
•If the realm or the username are not set, that user will always be challenged with no hope for recovery. That practically means that the request is denied.
•If realm and username are set but the password is empty, the re- quest will not be challenged; instead it will be assumed that the user