[Kamailio-Devel] [ openser-Bugs-2740437 ] PUBLISH authentication is wrong
Juha Heinanen
jh at tutpro.com
Thu Apr 16 18:40:54 CEST 2009
Klaus Darilion writes:
> Wouldn't it be better to always derive the realm from the From header -
> because the authorize/challenge function are actually just for
> authentication - and authentication means to authenticate the party
> which sends the request. (actually the problem is even complexer as an
> realm needs not to be equivalent to the domain at all - stupid SIP).
i agree.
> Then, depending on the scenario the relevant checks can be performed in
> script - e.g. if fromuser=authuser, touri=authuser at realm or
> ruri=authuser at realm.
yes, but that may be a too radical change to make at this stage.
> Probably it would be even nicer if authentication username has to
> contain the domain and the realm is just an identifier if the SIP proxy
> without relation to domains.
that too would break too many existing scripts.
-- juha
More information about the Devel
mailing list