Hi List At the moment, we challenge every invite (and re-invite) to make sure the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we challenge a Re-Invite. According to the vendor of that PBX's RFC interpretation, answering a challenge to a re-invite is optional. If that is ignored by the PBX, then the existing established dialog shall not end. Unfortunately this causes the session timer to run out. I am therefore wondering, if there is a safe way not to challenge re-invites. A Re-Invite contains a To-Tag. So I could bypass authentication on presence of a to-Tag. But then, how do I prevent a customer to just set a spoofed To-Tag to circumvent authentication? Is there a feasible way? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
