2011/4/11 Daniel-Constantin Mierla miconda@gmail.com:
first, skipping authentication for within dialog requests in default configuration file comes mainly from the early years when not many sip endpoints supported that. But can be done, of course and perhaps it should be enabled (or at least added as a #!define option)
I don't think that is a good option. It would break lot of scenarios:
- An incoming INVITEl with RURI sip:alice@domain.org and To URI sip:200@domain.org arrives to Kamailio which does lookup and routes the call to alice.
- The call is established.
- Later alice sends a REFER or a re-INVITE. Note that the request would contain "From: sip:200@domain.org" (even if the AoR of alice us "sip:alice@domain.org". This is because From/To URI are usually unchanged whithin a dialog.
- Kamailio ask for authentication to such REFER or re-INVITE.
- alice's device adds "Proxy-Authorization: Digest username="alice", .....".
- If Kamailio does "check_from" the request would be rejected (as "alice" doesn't match "200").