[asterisk-bugs] [Asterisk 0012157]: Global Register vs Global Authentication error

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Apr 2 07:31:32 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12157 
====================================================================== 
Reported By:                csabka
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12157
Category:                   Channels/chan_sip/Registration
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 106328 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             03-06-2008 05:28 CST
Last Modified:              04-02-2008 07:31 CDT
====================================================================== 
Summary:                    Global Register vs Global Authentication error
Description: 
I have a problem with global authentication based on username.
(I've tried also with match_auth_username=yes option, but nothing
changed)

The problem is the following:

I have two SIP account with different password at the same ITSP. If I
register it:
register=<user1>:<secret1>@sip.itsp.dom/<user1>
register=<user2>:<secret2>@sip.itsp.dom/<user2>

It works fine:
sip show registry
Host		Username	Refresh State               
sip.itsp.dom:5060	<user1>		105 Registered          
sip.itsp.dom:5060	<user2>		105 Registered

After I delete the secret from the register line, like this:
register=<user1>@sip.itsp.dom/<user1>
register=<user2>@sip.itsp.dom/<user2>

and add global authentication:
[authentication]
auth = <user1>:<secret1>@<realm>
auth = <user2>:<secret2>@<realm>

then:
Host		Username	Refresh State               
sip.itsp.dom:5060	<user1>		105 Registered          
sip.itsp.dom:5060	<user2>		120 Auth. Sent

After I change the order of global authentication
[authentication]
auth = <user2>:<secret2>@<realm>
auth = <user1>:<secret1>@<realm>

then:
Host		Username	Refresh State               
sip.itsp.dom:5060	<user1>		120 Auth. Sent
sip.itsp.dom:5060	<user2>		105 Registered

I have also tried if I didn't delete the secret from register, but the
same result as above. Note that the realm is totally different from
sip.itsp.dom. 

I found an interesting "solution". If I change my ITSP's password to the
same for all my accounts (user2's secret to the same as user1) then it
works. 

Summary: This can only work if user[n] to user[n+1] has the same password:
secret[n]=secret[n+1]

Regards:
Csaba Lack
====================================================================== 

---------------------------------------------------------------------- 
 csabka - 04-02-08 07:31  
---------------------------------------------------------------------- 
So you mean that it won't be changed, because this is not a bug just a
design?
If it is true, why is there an option to set username? 
syntax:
auth = <user>:<secret>@<realm>

so if you are right with the design in your case it should be the syntax:
auth = secret at realm  (without user field)

I think if the user field exists then it should be called as a bug, a
wontfix known bug.

Regards:
Csaba Lack 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-02-08 07:31  csabka         Note Added: 0084914                          
======================================================================




More information about the asterisk-bugs mailing list