[Serusers] avpops and ip based auth

Greger V. Teigre greger at teigre.com
Thu Jun 23 09:31:55 CEST 2005


Have you looked at allow_trusted() in (I believe) the domain module. In 
fact, when I come to think of it, maybe the functions are undocumented. I'm 
on GPRS right now, but I'll check when I get back over the weekend.
    You populate the trusted table and use allow_trusted() before auth of 
INVITE's (and probably assume that you don't get REGISTERs). There is also a 
FIFO command to reload the trusted table. I guess it's feasible to use 
REGISTER to store a new IP after a successful auth and then use IP for 
INVITE's.
    Ref. an earlier discussion, using IP for UDP is not really good 
security-wise, you should use TCP.
g-)

Iqbal wrote:
> Hi
>
> If I use avpops for IP based auth, and drop the normal
> username/password combo aside from spoofing what is the downside if
> any. Also if I do IP based auth, can I auth once, and be done with
> it, or is it auth once per call, I guess its once per call, if so is
> there any way to bypass auth completely for a particular IP address,
> again I am assuming no, since the IP will still need to be checked
> for each request.
> Iqbal
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers 




More information about the sr-users mailing list