[Kamailio-Devel] [ openser-Bugs-2740437 ] PUBLISH authentication is wrong

Juha Heinanen jh at tutpro.com
Thu Apr 16 18:40:54 CEST 2009

Klaus Darilion writes:

 > Wouldn't it be better to always derive the realm from the From header - 
 > because the authorize/challenge function are actually just for 
 > authentication - and authentication means to authenticate the party 
 > which sends the request. (actually the problem is even complexer as an 
 > realm needs not to be equivalent to the domain at all - stupid SIP).

i agree.

 > Then, depending on the scenario the relevant checks can be performed in 
 > script - e.g. if fromuser=authuser, touri=authuser at realm or 
 > ruri=authuser at realm.

yes, but that may be a too radical change to make at this stage.

 > Probably it would be even nicer if authentication username has to 
 > contain the domain and the realm is just an identifier if the SIP proxy 
 > without relation to domains.

that too would break too many existing scripts.

-- juha

More information about the Devel mailing list