Hi Klaus,
if you do auth before check_to/from, the domain is already checked
against the realm - auth does this; it gets the domain either from
script, either from To/From URI and looks only for credentials with
domain==realm.
regards,
bogdan
Klaus Darilion wrote:
Hi!
I think typical multidomain setups (at least mine) use identical
username for authentication and the SIP Aor.
e.g.
SIP AoR: [EMAIL PROTECTED]
auth user: user1
realm: domain1
SIP AoR: [EMAIL PROTECTED]
auth user: user2
realm: domain2
Further, check_to/from is used to prevent registration hijacking. This
works fine as long as user1 != user2. But if I have sip:[EMAIL PROTECTED]
and sip:[EMAIL PROTECTED] also the domain of the from/to header must be
checked against the realm.
Probably this can be done using pseudo variables and avpcheck but
shouldn't it be done automatically in check_to/from (and expand the
uri table to allow same auth user (username) for different realms)?
regards
klaus
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel
