[Serusers] avpops and ip based auth
Iqbal
iqbal at gigo.co.uk
Thu Jun 23 10:37:48 CEST 2005
allow_trusted I already use, just wanted to know which is better, or is
it just personal preference here. If either is used and looking by the
acc table billing could still be pulled even thought no
username/password..any inputs here.
Iqbal
On 6/23/2005, "Greger V. Teigre" <greger at teigre.com> wrote:
>Have you looked at allow_trusted() in (I believe) the domain module. In
>fact, when I come to think of it, maybe the functions are undocumented. I'm
>on GPRS right now, but I'll check when I get back over the weekend.
> You populate the trusted table and use allow_trusted() before auth of
>INVITE's (and probably assume that you don't get REGISTERs). There is also a
>FIFO command to reload the trusted table. I guess it's feasible to use
>REGISTER to store a new IP after a successful auth and then use IP for
>INVITE's.
> Ref. an earlier discussion, using IP for UDP is not really good
>security-wise, you should use TCP.
>g-)
>
>Iqbal wrote:
>> Hi
>>
>> If I use avpops for IP based auth, and drop the normal
>> username/password combo aside from spoofing what is the downside if
>> any. Also if I do IP based auth, can I auth once, and be done with
>> it, or is it auth once per call, I guess its once per call, if so is
>> there any way to bypass auth completely for a particular IP address,
>> again I am assuming no, since the IP will still need to be checked
>> for each request.
>> Iqbal
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
More information about the sr-users
mailing list