[asterisk-users] Multiple contacts.

Steve Totaro stotaro at first-notification.com
Wed Dec 5 16:04:18 CST 2007


SIP wrote:
>
>> Every machine in a Windows environment must be configured to join a 
>> domain.  A user must also be set up in that domain to log in.  It is more 
>> secure to lock that user into a single login session so that if they are 
>> logged in at one machine, they cannot login somewhere else.  Think of it 
>> like that.
>>
>> Flexibility is not always best practice nor secure.
>>
>> I do not see how internet cafes and wifi have anything to do with 
>> anything.  If you go to any of these places with your softphone or wifi 
>> phone, they should work.  I am not sure how you would expect a computer 
>> to just know how to configure itself other than setting up a download 
>> site with a provisioning tool.  AFAIK, computers cannot read minds yet, 
>> nor just configure themselves without human intervention.
>>
>> If you want to be that flexible you can just configure Asterisk to allow 
>> you to auto register and use authenticate on dialing or to be really 
>> flexible, just leave it wide open until you have to file bankruptcy due 
>> to toll fraud.
>>
>> Thanks,
>> Steve Totaro
>>
>>     
> Don't be melodramatic, Steve.
>
> Look at most Internet services. I can log into email from just about 
> anywhere with any client. I don't have to set it up beforehand. I can 
> log into my workstations from any SSH client I choose (as long as I'm in 
> an allowed network). I don't have to preconfigure which ones are allowed 
> and set them up beforehand. I can log into a web site with any browser 
> I choose -- the web site owners, apart from a few modifications that 
> might need to be made for formatting, don't need to configure their site 
> for each and every browser. With SER/OpenSER, I can create a system 
> where multiple phones can log in using the same credentials because it 
> doesn't even CARE about the devices themselves -- just the users logging 
> in (on our service, I have my home phone, mobile, and work phone all 
> logged in with the same number -- it catches me anywhere I happen to be, 
> and I don't have to make modifications to the server and reload configs 
> every time I want to add a phone into the mix).
>
> And yet, none of this increases the fraud possibilities. It's simply the 
> flexibility that's expected in this day and age.
>
> As long as you authenticate SOMEhow, you're authenticated. That's kind 
> of the idea behind authentication. If username/password authentication 
> isn't enough, then perhaps there's a flaw in your auth process.
>
> It's not an unreasonable question to ask why you have to authenticate 
> BOTH the device AND the user using the device when you could just say 
> "devices are allowed to log in as long as the user is" and allow any and 
> all of them if you so CHOOSE.  You might choose not to. But it's not 
> unreasonable to want that choice.
>
> IM is one of those few scenarios where I think that I'd NOT want to have 
> possibly multiple logins at the same time. The last thing I need is to 
> have one half of a conversation on a random machine that I forgot to log 
> out of -- if nothing else, just for the space it takes up.
>
> However, with phones? One can be reasonably certain that I'm in control 
> of the phones I'm logging in from. If I'm not, then the administrator 
> should choose to disallow multiple logins from the same ID. However, if 
> so, where's the harm in allowing it?
>
> I just don't get the whole FUD issue with this. I understand that it's 
> simply part of the way PBX systems work... but discounting the option as 
> 'dangerous' is just masking the issue.
>
> N.
>   

Not sure what the whole FUD thing is but you do seem very passionate 
about it....

Short answer, no it cannot be done, don't like it?  Use SER as you say 
or change the Asterisk code, it is open source after all.  It is what it is.

Thanks,
Steve Totaro


