[Serusers] Checking user credentials on INVITE method
Jan Janak
jan at iptel.org
Thu Jul 31 12:57:49 CEST 2003
On 31-07 12:55, Andrei Pelinescu-Onciul wrote:
> On Jul 31, 2003 at 12:47, Director General: NEFACOMP <dg at nefacomp.net> wrote:
> > I know Jan won't be happy for this question because it may look simple.
> > But I have tried everything I can and after failing I decided to ask it
> > here.
> >
> > I have realized that SER checks the username and password when a UA sends a
> > REGISTER command but it doesn't check the password when a user sends a
> > INVITE command.
>
> You have in your cfg. file something like:
> if (method=="REGISTER") {
> if (!www_authorize("iptel.org", "subscriber")) {
> www_challenge("iptel.org", "0");
> break;
> };
>
> This will challenge only the registers.
> Change if (method=="REGISTER") to if (method=="REGISTER" || method=="INVITE")
> a.s.o.
>
> Note however that you will be able to receive calls only from users
> registered with your proxy.
> If you plan to allow only "authorized" requests be carefull not to
> challenge ACKs and CANCELs (they must not be challenged), e.g:
> if (method!="ACK" && method!="CANCEL") {
There is a special measure for that in auth module, it will never
challenge ACKs and CANCELs, it will always return that the
authentication was sucessful.
Jan.
More information about the sr-users
mailing list