Hi list!
I just came across something very strange when using the radius-modules
and wonder if it is a wanted feature, a bug or simply me being stupid
(which I guess will be the case).
The thing is the following. My ser.cfg has the following in it when a
UA registers:
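
    if (method=="REGISTER") {
        # Verify the digest credentials against RADIUS
        if (!radius_proxy_authorize("XXX.XXX.XXX.XXX"))
        {
            # No valid credentials yet: challenge the UA
            proxy_challenge("XXX.XXX.XXX.XXX", "0");
            break;
        };
        log(1,"Registered");
        # Store the contact binding in the location table
        save("location");
        break;
    };
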
This works fine, meaning the user gets registered if it is known to
Radius and not registered in the opposite case.
Now to the strange thing. In most UAs you can enter different user-parts
of the URI and Authentication-Users. I used kphone for this test and
entered a valid username as authentication username and some random
number (or word, that doesn't matter) as "User part of SIP URL". What
happens then is that the user can register and gets a URI different
from the authenticated username. With this behavior every user would be
able to "hijack" connections from other users.
How can I tell SER to not allow this? Has it something to do with the
SIP-Rpid argument in Radius? SER seems to ignore it.
Any hints, or RTFMs to get me looking in the right direction to solve
this problem would be very kind.
Best regards
Kai
--
Kai Militzer WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
km(a)westend.com D-52064 Aachen Fax 0241/911879
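
The check this question is asking for, as an added example that is not part of the original post or SER's own code: once authentication has succeeded, a registrar compares the digest username with the user part of the To URI and refuses the binding on a mismatch. The function names, the constructed REGISTER messages and the choice to ignore an @realm suffix in the digest username are assumptions made for this example.

```python
import re

COMPACT = {"t": "to", "f": "from"}  # SIP compact header names

def sample_register(auth_user, to_user):
    """Constructed REGISTER (not captured traffic); one header is folded."""
    return ("REGISTER sip:example.com SIP/2.0\r\n"
            f"From: <sip:{to_user}@example.com>;tag=1\r\n"
            f"To: \"Test\" <sip:{to_user}@example.com>\r\n"
            "Call-ID: constructed-1@192.0.2.10\r\nCSeq: 2 REGISTER\r\n"
            "Contact: <sip:phone@192.0.2.10:5060>\r\n"
            f'Proxy-Authorization: Digest username="{auth_user}",\r\n'
            ' realm="example.com", nonce="constructed", uri="sip:example.com",'
            ' response="0"\r\nContent-Length: 0\r\n\r\n')

def parse_headers(msg):
    """Return {lowercased header name: value}, unfolding continuation lines."""
    head = msg.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[COMPACT.get(name, name)] = value.strip()
    return headers

def uri_user(value):
    """User part of the sip:/sips: URI in a To/From value, or None."""
    m = re.search(r"sips?:([^@:;>\s]+)(?::[^@\s>]*)?@", value, re.I)
    return m.group(1) if m else None

def digest_username(headers):
    """username= from Authorization or Proxy-Authorization, or None."""
    for name in ("authorization", "proxy-authorization"):
        m = re.search(r'\busername="([^"]*)"', headers.get(name, ""), re.I)
        if m:
            return m.group(1).split("@", 1)[0]  # assumption: drop @realm suffix
    return None

def register_identity_ok(msg):
    """True only when the authenticated user is the user being registered."""
    h = parse_headers(msg)
    auth_user, to_user = digest_username(h), uri_user(h.get("to", ""))
    return auth_user is not None and auth_user == to_user
```

A request without credentials, or with a To URI that has no user part, is treated as a mismatch and the binding is refused.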