Clearly, you can only authenticate sequential requests corresponding to calls whose initial requests were subject to authentication. If the initial request was not authenticated, there is no reason to believe that the endpoint would support authentication of sequential requests.

As to whether you should do this, that is a controversial matter. I suppose that the security-maximising approach would be to challenge all requests, but it invites problems with many endpoints.

--
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Atlanta, GA 30030
Tel: +1-678-954-0671
Web: http://www.evaristesys.com/, http://www.alexbalashov.com

David <kamailio.org@spam.lublink.net> wrote:

Hello,

Should I be requiring users to authenticate before letting them into loose_route(); ? What about anonymous calls from E164, how do I authenticate these calls after they have started?

Thanks,

David