[Serusers] Checking user credentials on INVITE method
Andrei Pelinescu-Onciul
pelinescu-onciul at fokus.fraunhofer.de
Thu Jul 31 12:55:20 CEST 2003
On Jul 31, 2003 at 12:47, Director General: NEFACOMP <dg at nefacomp.net> wrote:
> I know Jan won't be happy for this question because it may look simple.
> But I have tried everything I can and after failing I decided to ask it
> here.
>
> I have realized that SER checks the username and password when a UA sends a
> REGISTER command but it doesn't check the password when a user sends a
> INVITE command.
You have in your cfg. file something like:
if (method=="REGISTER") {
if (!www_authorize("iptel.org", "subscriber")) {
www_challenge("iptel.org", "0");
break;
};
This will challenge only the registers.
Change if (method=="REGISTER") to if (method=="REGISTER" || method=="INVITE")
a.s.o.
Note however that you will be able to receive calls only from users
registered with your proxy.
If you plan to allow only "authorized" requests be carefull not to
challenge ACKs and CANCELs (they must not be challenged), e.g:
if (method!="ACK" && method!="CANCEL") {
[...]
>
Andrei
More information about the sr-users
mailing list