sendman wrote:
Hi folks!
I have setup my ser.cfg to request www_authentication on INVITE messages, well, I'm not sure if this is the best solution for allow ONLY registered users to make calls on my proxy.
Does anybody knows the right way to do this configuration?
This is the right way to make sure that only authenticated users make calls on your proxy. I'm guessing that you want to allow unauthenticated inbound calls unless you have a way to assign username/passwords to anyone who might want to call one of your registered users.
I do not think that there are adequate mechanisms implemented for interdomain authentication of callers. If you do want to authenticate callers who are not registered on your proxy (to prevent SIP spam) these two internet drafts might be of interest: http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
Hope this helps, Jamey