[Serusers] Users authentication scheme
Federico Giannici
giannici at neomedia.it
Fri Aug 12 15:45:54 CEST 2005
Hummm...It seems my email didn't interested anybody...
Let's try another sub-question.
Yesterday I read the specification of the Remote-Party-ID header field
and it says that it is used "When an untrusted UAC sends an INVITE,
OPTIONS, REGISTER or extension method request". That is EVERY method
(even unknown ones) except ACK, BYE and CANCEL.
It make sense to me to follow the same rule for the authentication,
because those three methods are in practice "responses" to previous
actions, and so shouldn't be blocked.
Do you agree?
Thanks.
Federico Giannici wrote:
> I'm relatively new to SIP and I'm learning how to configure SER for a
> little ISP.
>
> I'm currently asking myself when we should authenticate users.
> Obviously, I don't wont to have an open-relay SIP server. So I'm
> thinking that I have to authenticate users for every message that comes
> and that have a "From:" header that matches one of our domains.
> Is this correct?
>
> Then I have to call check_to() for REGISTER messages and check_from()
> for all the others.
> Is this correct?
>
> So here it is a scheme of the logic I'm going to implement.
> Do you think is correct?
>
> IF uri == myself
> IF method == REGISTER
> www_authenticate()
> check_to()
> save()
> ELSE
> IF From == myself
> proxy_authenticate()
> check_from()
> Normal processing
> ELSE
> IF From == myself
> proxy_authenticate()
> check_from()
> t_relay()
> ELSE
> Error!
>
>
> Thanks.
>
--
___________________________________________________
__
|- giannici at neomedia.it
|ederico Giannici http://www.neomedia.it
___________________________________________________
More information about the sr-users
mailing list