[asterisk-bugs] [Asterisk 0011861]: "auth" doesn't work inside a [peer]

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Jul 1 09:24:15 CDT 2008


The following issue has been RESOLVED. 
====================================================================== 
http://bugs.digium.com/view.php?id=11861 
====================================================================== 
Reported By:                ibc
Assigned To:                oej
====================================================================== 
Project:                    Asterisk
Issue ID:                   11861
Category:                   Channels/chan_sip/Interoperability
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 100795 
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             01-29-2008 06:34 CST
Last Modified:              07-01-2008 09:24 CDT
====================================================================== 
Summary:                    "auth" doesn't work inside a [peer]
Description: 
I define a peer who needs authentication to accept calls form my Asterisk:

---sip.conf---
[peer-cdr]
type=peer
host=cdr.mydomain.org
fromuser=991847150
fromdomain=mydomain.org
auth=user51:1234 at mydomain.org
insecure=invite
qualify=no
nat=no
canreinvite=no
-------------

But it fails when Asterisk sends an INVITE to that peer. In fact, I think
the "auth" parameter inside [peer] is not parsed at all. Note in the
attached debug that after "407 Authentication required" there is not a new
INVITE from Asterisk.


But if I move the line:
  auth=user51:1234 at cdr.mydomain.org
to [authentication] section then it works!  ¿?¿

---sip.conf---
[authentication]
auth=user51:1234 at cdr.mydomain.org
--------------

Note the comment in [authentication] section:
  ; You may also add auth= statements to [peer] definitions 
  ; Peer auth= override all other authentication settings if we match on
realm

So something is buggy here IMHO.


Of course, another solution would be using "username" and "secret", but
why should I write the password in clear?

---sip.conf---
[peer-cdr]
type=peer
host=cdr.mydomain.org
fromuser=991847150
fromdomain=mydomain.org
username=user51
secret=1234
insecure=invite
qualify=no
nat=no
canreinvite=no
-------------


And remember that using "auth" in [authentication] is a risk (bug
http://bugs.digium.com/view.php?id=11776):
  http://bugs.digium.com/view.php?id=11776


====================================================================== 

---------------------------------------------------------------------- 
 oej - 07-01-08 09:24  
---------------------------------------------------------------------- 
Thanks for checking quickly! 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-01-08 09:24  oej            Resolution               open => fixed       
07-01-08 09:24  oej            Note Added: 0089505                          
======================================================================




More information about the asterisk-bugs mailing list