tks, that cleared it up ...I think :-), interesting that there are so
many levels of auth for a call, am sure a lot of setups have a few open
holes in them
Iqbal
Greger V. Teigre wrote:
A quick reply without verifying, so no guarantees on the quality of
the answers...
www_authorize, will this always fail? because it seems to and then a
www_challenge is sent.
If the message has included digest credentials and the nonce value has
not expired, it will not fail, but just verify the credentials without
an extra authentication.
In www_challenge, is it okay to leave the realm blank, as I have
done, or is it better practice to have the same realm as that in
www_authorize("", "1");
I think leaving it blank (both www_authorize and challenge) is better
if you have multiple domains, as the realm will be implicit. However,
I believe you should either set both or none.
check_to should only be run if auth is correct above, is that correct?
That's correct.
Why run check_to at all?
Because the username and authorization can be set to different values.
As the username is registered as the location, you can for example use
email address for authentication and a phone number for username. The
user will then be accessible through the phone number, but not email
address. However, the user may configure the device with ANY phone
number unless you check that the username is allowed for this
particular authentication user. This check is what check_to enforces
by making sure that authentication user and username are equal.
and then you have proxy_auth and proxy_challenge, and is_from_local and
is_uri_local, surely all these don't need to be used as checks in
INVITE or do they.
The first two are for security, the last two are for routing:
is_from_local checks the caller's domain part against the DB of local
domains. If you use domain when authenticating the INVITE, you don't
need is_from_local as a security measure, but rather as a way to
detect messages from local UACs.
is_uri_local does the same for the destination (callee) to determine
whether it's local.
g-)
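
The ordering discussed in this thread, written out as a routing-script sketch; this is an added example, not configuration posted by either participant. It assumes SER 0.9-style syntax (`break;` to stop processing), that the modules exporting these functions are loaded, a credentials table named "subscriber", and that the thread's "proxy_auth" refers to proxy_authorize.

```cfg
# Added example (not from the thread). Assumptions: SER 0.9-style script,
# credentials table "subscriber", empty realm so the domain is implicit.
route {
    if (method == "REGISTER") { route(1); break; };
    if (method == "INVITE")   { route(2); break; };
}

# REGISTER: authenticate first, then bind the identity to the contact.
route[1] {
    # Fails when the request carries no digest credentials or the nonce
    # has expired, so a first REGISTER is normally challenged once.
    if (!www_authorize("", "subscriber")) {
        www_challenge("", "0");      # realm set the same way as above
        break;
    };
    # Reached only after the digest check passed. Without this test an
    # authenticated user could register under any To username.
    if (!check_to()) {
        sl_send_reply("403", "Forbidden");
        break;
    };
    save("location");
}

# INVITE: is_from_local/is_uri_local classify, proxy_* authenticate.
route[2] {
    if (is_from_local()) {
        # Caller claims a local domain: require proxy credentials.
        if (!proxy_authorize("", "subscriber")) {
            proxy_challenge("", "0");
            break;
        };
    } else {
        # Foreign caller: accept only calls to local users (no relaying).
        if (!is_uri_local()) {
            sl_send_reply("403", "Relaying denied");
            break;
        };
    };
    if (is_uri_local()) {
        # Callee is local: resolve the registered contact.
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };
    t_relay();
}
```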