[Serusers] Checking user credentials on INVITE method

Jan Janak jan at iptel.org
Thu Jul 31 12:57:49 CEST 2003

On 31-07 12:55, Andrei Pelinescu-Onciul wrote:
> On Jul 31, 2003 at 12:47, Director General: NEFACOMP <dg at nefacomp.net> wrote:
> > I know Jan won't be happy for this question because it may look simple.
> > But I have tried everything I can and after failing I decided to ask it
> > here.
> > 
> > I have realized that SER checks the username and password when a UA sends a
> > REGISTER command but it doesn't check the password when a user sends a
> > INVITE command.
> You have in your cfg. file something like:
>                 if (method=="REGISTER") {
>                        if (!www_authorize("iptel.org", "subscriber")) {
>                                www_challenge("iptel.org", "0");
>                                break;
>                        };
> This will challenge only the registers.
> Change if (method=="REGISTER") to if (method=="REGISTER" || method=="INVITE")
>  a.s.o.
> Note however that you will be able to receive calls only from users
> registered with  your proxy.
> If you plan to allow only "authorized" requests be carefull not to
> challenge ACKs and CANCELs (they must not be challenged), e.g:
> if (method!="ACK" && method!="CANCEL") {

  There is a special measure for that in auth module, it will never
  challenge ACKs and CANCELs, it will always return that the
  authentication was sucessful.


More information about the sr-users mailing list