[Serusers] avpops and ip based auth
Greger V. Teigre
greger at teigre.com
Thu Jun 23 09:31:55 CEST 2005
Have you looked at allow_trusted() in (I believe) the domain module. In
fact, when I come to think of it, maybe the functions are undocumented. I'm
on GPRS right now, but I'll check when I get back over the weekend.
You populate the trusted table and use allow_trusted() before auth of
INVITE's (and probably assume that you don't get REGISTERs). There is also a
FIFO command to reload the trusted table. I guess it's feasible to use
REGISTER to store a new IP after a successful auth and then use IP for
INVITE's.
Ref. an earlier discussion, using IP for UDP is not really good
security-wise, you should use TCP.
g-)
Iqbal wrote:
> Hi
>
> If I use avpops for IP based auth, and drop the normal
> username/password combo aside from spoofing what is the downside if
> any. Also if I do IP based auth, can I auth once, and be done with
> it, or is it auth once per call, I guess its once per call, if so is
> there any way to bypass auth completely for a particular IP address,
> again I am assuming no, since the IP will still need to be checked
> for each request.
> Iqbal
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list