Have you looked at allow_trusted() in (I believe) the domain module? In fact, when I come to think of it, maybe the functions are undocumented. I'm on GPRS right now, but I'll check when I get back over the weekend. You populate the trusted table and use allow_trusted() before auth of INVITEs (and probably assume that you don't get REGISTERs). There is also a FIFO command to reload the trusted table. I guess it's feasible to use REGISTER to store a new IP after a successful auth and then use the IP for INVITEs. Ref. an earlier discussion, using IP for UDP is not really good security-wise; you should use TCP.
g-)
Iqbal wrote:
Hi
If I use avpops for IP-based auth and drop the normal username/password combo, aside from spoofing, what is the downside, if any? Also, if I do IP-based auth, can I auth once and be done with it, or is it auth once per call? I guess it's once per call. If so, is there any way to bypass auth completely for a particular IP address? Again, I am assuming no, since the IP will still need to be checked for each request.
Iqbal
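The setup discussed in this thread, sketched as an added configuration fragment that is not part of either message or of the SER distribution. It assumes SER 0.9-style script syntax and that allow_trusted() is provided by the permissions module; the module path, database URL, realm and trusted-table row are constructed placeholders.

```cfg
# Added illustration; assumes SER 0.9-style syntax. The database driver, sl,
# auth and auth_db modules are assumed to be loaded earlier in the file.
loadmodule "/usr/local/lib/ser/modules/permissions.so"

# Constructed placeholder URL; point it at the database holding "trusted".
modparam("permissions", "db_url", "mysql://ser:CHANGEME@localhost/ser")
# 1 = cache the trusted table in memory; a change to the table takes effect
# only after the cache is reloaded (FIFO command trusted_reload).
modparam("permissions", "db_mode", 1)

# Example row in the trusted table (constructed values):
#   src_ip = '192.0.2.10', proto = 'tcp', from_pattern = '^sip:.*@example\.com$'
# proto = 'tcp' means a UDP packet carrying the same (spoofable) source
# address does not match; proto = 'any' would accept it.

route {
    if (method == "INVITE") {
        # Trusted source address, transport and From URI: skip the challenge.
        if (!allow_trusted()) {
            # Everyone else still authenticates with digest credentials.
            if (!proxy_authorize("example.com", "subscriber")) {
                proxy_challenge("example.com", "0");
                break;
            };
        };
    };
    # Normal request routing (lookup, t_relay, ...) continues here.
}
```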