[Asterisk-Dev] Don't understand authentication with SIP?

Stephen Davies steve at daviesfam.org
Tue Apr 8 14:06:15 MST 2003


Hi,

I'm trying to understand authentication in the chan_sip code

How does * decide whether authentication is required for an incoming
INVITE?

check_user seems to compare the username part of the URI against the
various SIP users defined.  But what if we get a name-clash with a
incoming call from another domain?

IE I have a phone with username "ata186" that is a "friend" of my * - when
it tries to make calls to * it will be asked to provide
authentication.  Which is fine and right.

But now an incoming call from "outside" arrives from
ata186 at someotherdomain.  Won't this call be challenged for auth - and the
caller won't be able to provide it?

Shouldn't check_user also check for "our" domain?

Thanks,
Steve




More information about the asterisk-dev mailing list