Andres wrote:
I just tried this myself and it behaves as you have described it. No need to use a username. When the call comes in on the remote Asterisk, the iax.conf simply tries to match the password to any entry. The first entry with a matching password gets used. I suggest you open a bug to at least get this documented.
Done, as bug 1928, although the notes for 1458 imply that Mark is aware of this issue and the code is not faulty... he wants it work this way. Personally I cannot see the value in allowing completely anonymous IAX connections, especially since they can connect as _any_ user you may have specified in your iax.conf file by just guessing the password.
Granted, if your IAX users are on fixed IP addresses you can use IP-based access control, and if you can use keys then that also solves the problem even for users with dynamic IPs. However, I'd like to see some explanation of why anonymous connections are allowed to iax.conf user entries with secrets specified; at best, I would think that anonymous connections should only be allowed to user entries with _no_ secret specified.
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
