[Asterisk-Dev] Don't understand authentication with SIP?
Stephen Davies
steve at daviesfam.org
Tue Apr 8 14:06:15 MST 2003
Hi,
I'm trying to understand authentication in the chan_sip code
How does * decide whether authentication is required for an incoming
INVITE?
check_user seems to compare the username part of the URI against the
various SIP users defined. But what if we get a name-clash with a
incoming call from another domain?
IE I have a phone with username "ata186" that is a "friend" of my * - when
it tries to make calls to * it will be asked to provide
authentication. Which is fine and right.
But now an incoming call from "outside" arrives from
ata186 at someotherdomain. Won't this call be challenged for auth - and the
caller won't be able to provide it?
Shouldn't check_user also check for "our" domain?
Thanks,
Steve
More information about the asterisk-dev
mailing list