[asterisk-bugs] [Asterisk 0012157]: Global Register vs Global Authentication error
noreply at bugs.digium.com
noreply at bugs.digium.com
Tue Jul 1 07:35:45 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12157
======================================================================
Reported By: csabka
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12157
Category: Channels/chan_sip/Registration
Reproducibility: always
Severity: major
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 106328
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 03-06-2008 05:28 CST
Last Modified: 07-01-2008 07:35 CDT
======================================================================
Summary: Global Register vs Global Authentication error
Description:
I have a problem with global authentication based on username.
(I've tried also with match_auth_username=yes option, but nothing
changed)
The problem is the following:
I have two SIP account with different password at the same ITSP. If I
register it:
register=<user1>:<secret1>@sip.itsp.dom/<user1>
register=<user2>:<secret2>@sip.itsp.dom/<user2>
It works fine:
sip show registry
Host Username Refresh State
sip.itsp.dom:5060 <user1> 105 Registered
sip.itsp.dom:5060 <user2> 105 Registered
After I delete the secret from the register line, like this:
register=<user1>@sip.itsp.dom/<user1>
register=<user2>@sip.itsp.dom/<user2>
and add global authentication:
[authentication]
auth = <user1>:<secret1>@<realm>
auth = <user2>:<secret2>@<realm>
then:
Host Username Refresh State
sip.itsp.dom:5060 <user1> 105 Registered
sip.itsp.dom:5060 <user2> 120 Auth. Sent
After I change the order of global authentication
[authentication]
auth = <user2>:<secret2>@<realm>
auth = <user1>:<secret1>@<realm>
then:
Host Username Refresh State
sip.itsp.dom:5060 <user1> 120 Auth. Sent
sip.itsp.dom:5060 <user2> 105 Registered
I have also tried if I didn't delete the secret from register, but the
same result as above. Note that the realm is totally different from
sip.itsp.dom.
I found an interesting "solution". If I change my ITSP's password to the
same for all my accounts (user2's secret to the same as user1) then it
works.
Summary: This can only work if user[n] to user[n+1] has the same password:
secret[n]=secret[n+1]
Regards:
Csaba Lack
======================================================================
----------------------------------------------------------------------
oej - 07-01-08 07:35
----------------------------------------------------------------------
You are assuming that the "user" is the From username field, not the
authentication user. In the realm based authentication, it's the digest
auth user that is specified, NOT the From username.
In order to support this, we need to add a new specifier, which should be
a full URI, not only the username part. That's why I see this as a feature
request, not a bug report.
Issue History
Date Modified Username Field Change
======================================================================
07-01-08 07:35 oej Note Added: 0089467
======================================================================
More information about the asterisk-bugs
mailing list