Re: [asterisk-users] skip authentication for REGISTER

2012-02-14 Thread Matt Hamilton

Thanks Kevin. 

Seems like remotesecret takes over if secret is not defined - I'll do further 
tests.

The authentication for REGISTERs and SUBSCRIBEs is done at a SIP proxy 
(OpenSIPS) - I'll try to take care of the UAC authorization request for NOTIFY 
there (if possible).

Regards,
Matt



> Date: Tue, 14 Feb 2012 09:44:38 -0600
> From: kpflem...@digium.com
> To: asterisk-users@lists.digium.com
> Subject: Re: [asterisk-users] skip authentication for REGISTER
> 
> On 02/14/2012 08:43 AM, Matt Hamilton wrote:
> > Hi,
> >
> > For REGISTER and SUBSCRIBE requests coming from UACs, is it possible to
> > make Asterisk skip authentication even if a "secret" is defined in
> > sip.conf for the peer; i.e. similar to insecure=invite for INVITE requests?
> >
> > If I leave "secret" blank, Asterisk doesn't require any authentication -
> > this works as I want. However, I also use "SIP NOTIFY" to contact UACs
> > (UACs are set to require authorization for NOTIFY), but without the
> > "secret" defined, Asterisk can't send the correct authorization.
> 
> You can use 'remotesecret' to set the secret string for Asterisk to use 
> to respond to authentication challenges. There isn't any way to make 
> REGISTER/SUBSCRIBE/etc. insecure like there is for INVITEs... I can't 
> imagine that many people would want unauthenticated REGISTERs to be 
> allowed :-)
> 
> -- 
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at www.digium.com & www.asterisk.org
> 
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>    http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] skip authentication for REGISTER

2012-02-14 Thread Kevin P. Fleming

On 02/14/2012 08:43 AM, Matt Hamilton wrote:

> Hi,
>
> For REGISTER and SUBSCRIBE requests coming from UACs, is it possible to
> make Asterisk skip authentication even if a "secret" is defined in
> sip.conf for the peer; i.e. similar to insecure=invite for INVITE requests?
>
> If I leave "secret" blank, Asterisk doesn't require any authentication -
> this works as I want. However, I also use "SIP NOTIFY" to contact UACs
> (UACs are set to require authorization for NOTIFY), but without the
> "secret" defined, Asterisk can't send the correct authorization.


You can use 'remotesecret' to set the secret string for Asterisk to use 
to respond to authentication challenges. There isn't any way to make 
REGISTER/SUBSCRIBE/etc. insecure like there is for INVITEs... I can't 
imagine that many people would want unauthenticated REGISTERs to be 
allowed :-)


--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
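
An added example, not part of either post and not Asterisk code: a small audit of a sip.conf that reports, per peer, whether inbound requests are challenged (a `secret` or `md5secret` is set) and whether Asterisk holds a credential to answer the peer's own challenges (`remotesecret`, otherwise the inbound secret). The sample file, peer names and the `audit_sip_conf` helper are constructed for illustration; `md5secret` is a chan_sip option not mentioned in the thread, and templates and `#include` are not resolved.

```python
import re

# Constructed sample sip.conf; peer names, hosts and secrets are made up.
SAMPLE = """\
[general]
context=default

[phone-a]
type=friend
host=dynamic
secret=inbound-and-outbound

[phone-b]
type=friend
host=dynamic
remotesecret=outbound-only  ; no secret, so inbound requests are not challenged

[trunk-c]
type=peer
host=192.0.2.10
secret=trunk-secret
insecure=port,invite
"""

def audit_sip_conf(text):
    """Map each peer section to its inbound/outbound authentication posture."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: no escaped "\;" support
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        if section:
            name = section.group(1)
            current = None if name == "general" else peers.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    report = {}
    for name, opts in peers.items():
        inbound = bool(opts.get("secret") or opts.get("md5secret"))
        report[name] = {
            "inbound_auth": inbound,  # False: REGISTER/SUBSCRIBE accepted unchallenged
            "outbound_cred": inbound or bool(opts.get("remotesecret")),
            "insecure": [v.strip() for v in opts.get("insecure", "").split(",") if v.strip()],
        }
    return report

if __name__ == "__main__":
    for peer, posture in audit_sip_conf(SAMPLE).items():
        print(peer, posture)
```

A peer reported with `inbound_auth` false and `outbound_cred` true is the configuration discussed in this thread, so its REGISTER and SUBSCRIBE authentication has to be enforced somewhere else, such as the proxy in front of Asterisk.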
