[Freeswitch-users] sip profile - accept-blind-auth vs
Daniel-Constantin Mierla
miconda at gmail.com
Wed Aug 22 02:33:56 MSD 2012
Hello,
the version is:
FreeSWITCH version: 1.2.1+git~20120816T172128Z~6dc9596bec (1.2.1; git at
commit 6dc9596bec on Thu, 16 Aug 2012 17:21:28 Z)
Did few calls and got one more strange situation. So I commented the line:
<param name="accept-blind-auth" value="true"/>
and let:
<param name="auth-calls" value="true"/>
Surprising, the calls are not authenticated.
But if I set:
<param name="auth-calls" value="false"/>
I get 407 reply.
To summarize, I got:
1) auth-calls=false and accept-blind-auth=true => no 407 reply
2) auth-calls=false and accept-blind-auth commented => 407 reply
3) auth-calls=true and accept-blind-auth commented => no 407 reply
Looks like 3) is opposite than expected. Maybe it's too late in the
night here, missing something obvious, I will try again tomorrow morning
and I will fire a bug if it is really the case.
Cheers,
Daniel
On 8/21/12 11:43 PM, Michael Collins wrote:
> FWIW, I could not reproduce this behavior on v1.2.stable branch. When
> I set auth-calls=false in the SIP profile and make an inbound call it
> just relies on the ACL and that's it.
>
> Miconda, what version of FS did you say you were running?
>
> -MC
>
> On Tue, Aug 21, 2012 at 1:50 PM, Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
> Hi Mike,
>
> On 8/21/12 10:27 PM, Michael Jerris wrote:
> > auth-calls false means we won't challenge invite,
> accept-blind-auth means if auth headers are there, we ignore them.
>
> it is what I expected from auth-calls (and worked like this in the
> past), but now even if set to false, the calls are challenged with 407
> reply for authentication. Only when I set accept-blind-auth to false
> there is no 407.
>
> Overall, it gets me what I need, access being granted on IP acl, but I
> wanted to double check if such change in behaviour of auth-calls was
> done on purpose. I will review my changes comparing with the default
> configs to see if I modified other params that could result in this
> situation, although I think there is no other related parameter.
>
> Cheers,
> Daniel
>
> >
> > Mike
> >
> > On Aug 21, 2012, at 1:57 PM, Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
> >
> >> Hello,
> >>
> >> in the past I used to set:
> >>
> >> <param name="auth-calls" value="false"/>
> >>
> >> in the sip profile in order to skip user authentication for calls.
> >>
> >> Lately I started to play a bit with 1.2 stable branch and seems
> that
> >> setting auth-calls to false is no longer doing what I expected,
> calls
> >> being challenged for user authentication.
> >>
> >> Setting instead the accept-blind-auth to false got me what I
> wanted, like:
> >>
> >> <!-- accept any authentication without actually checking
> (not a
> >> good feature for most people) -->
> >> <param name="accept-blind-auth" value="true"/>
> >>
> >> But from the comment (checked the wiki as well, but has the
> same text)
> >> is a bit unclear what is the real purpose for it.
> >>
> >> Isn't auth-calls=false supposed to accept calls without user
> >> authentication anymore?
> >>
> >> For this particular case, I play some announcements, like 'user not
> >> available', and should work also for calls coming from outside. The
> >> access is restricted by IP address ACL, allowing SIP traffic
> only from
> >> my Kamailio instance.
> >
> >
> _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> > http://www.freeswitchsolutions.com
> >
> >
> >
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://wiki.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
> http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Berlin, Nov 5-8, 2012 -
> http://asipto.com/u/kat
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
> Michael S Collins
> Twitter: @mercutioviz
> http://www.FreeSWITCH.org
> http://www.ClueCon.com
> http://www.OSTAG.org
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120822/2b64b5f4/attachment.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list