[Serusers] authentication recommnedations
Jan Janak
jan at iptel.org
Thu Mar 18 16:38:09 CET 2004
Yes, there is an explanation. The default configuration file
authenticates REGISTERs only. If you want to authenticate calls
(INVITEs) as well, then you have to modify the configuration file and
insert additional authentication when INVITE is being processed.
But be careful -- you cannot authenticate all INVITE messages because
foreing users will be not able to call your subscribers (foreign users
have no username and password on your server). You should check if the
INVITE is coming from one of your subscribers and then authenticate.
Jan.
On 18-03 10:32, Ticknor.Scott at ic.gc.ca wrote:
> hey Everyone,
>
> me and my partner in the lab here have set up a very simple SER
> implementation. up to now we have been using digest authentication with
> mysql, and created users with serctl etc.
> it was nice to get it working and place some calls, we have a couple cisco
> 7960 phones as well as X-Lite clients. but in our tests we found that we
> could put *any* user name & password in the X-Lite config--and the calls
> would still succeed! the message console in X-Lite shows the 401
> unautourized response to REGISTER [which is to be expected] but then if we
> go ahead and dial...the other phone will ring.
>
> there must be an explanation. i see some people are using RADIUS for
> authentication; would a RADIUS implementation solve this problem? i cannot
> attach my ser.cfg just now...but it is almost completely stock anyway, the
> changes made were uncommenting the digest auth bits, and setting the domain
> name.
> ideas?
>
> scott t,
> DSi
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list