[Users] Question on SIP authentication with users from OpenSER

[Barry Flanagan]

Hi,

This is more an Asterisk question, I know, but I am sure a good many of 
you have similar setups....

We are using Asterisk 1.2.3 with RealTime for PSTN and Voicemail where
users register with an OpenSER cluster (2 nodes currently).

When they request PSTN they are forwarded to * where they have entries
in SIP realtime database. This ensures that they get their correct
CallerID and context, etc.

This is working fine at present, where I have the SIP users set up with
the following relevant SIP entries:

                           name  username
                       callerid  "User" <XXXXXXX>
                    canreinvite  no
                        context  context
                       dtmfmode  RFC2833
                           host  123.123.123.123
                       insecure  port
                           type  friend
                       username  username


Note that I have set the host to the IP of the OpenSER server, and there
is no secret.

I have the OpenSER servers set up as peers also.

My questions are:

1. Is this the best way to to set this up?

2. I have many users, and I need to be certain that a) the username
exists and b) that the request came from one of our OpenSER servers.
Will the above ensure that both the username AND the host are correct? I
have seen instances where if I have a static SIP entry with the same
host= line, a non-existent user will be accepted as this static user.

3. How can have more than one possible host= setting for a user (i.e.
they could come in from either of our OpenSER servers.


Thanks!

-- 

-Barry Flanagan