We spent some time yesterday trying to understand how IAX2
authentication works, and now I'm confused...
Let's say that the receiving end has this entry in their iax.conf file:
[remote-site]
type=user
secret=foo
auth=md5
context=incoming
host=dynamic
The way I see it, there are two ways to initiate an outbound IAX2
connection to this system:
1) Use Dial, as in:
Dial(IAX2/remote-site:foo@local-site.domain.com/extension)
In this mode, the IAX2 setup message contains a USERNAME
("remote-site"), and the receiving system compares it to the entity
name
in iax.conf, before comparing the secret. This is fine.
2) Use Dial and iax.conf, as in:
Dial(IAX2/local-site/extension)
and in remote-site's iax.conf:
[local-site]
type=peer
secret=foo
auth=md5
host=local-site.domain.com
In this mode, the IAX2 setup message _does not_ contain a USERNAME, and
the receiving system somehow manages to find the proper entry and
authenticate the connection.
However, the only way that I could see that this would be possible is
that the receiving system is comparing the supplied "secret" against
all
secrets in it's iax.conf file to try to find a match. I don't know how
that is possible using md5 authentication, but even if it is, I don't
particularly like it. That means someone can connect to my Asterisk
server over IAX if they can guess _any_ secret that happens to be in my
iax.conf file.
I really would prefer to not embed the username/password information in
my Dial commands (that way it doesn't have to be duplicated in multiple
contexts, and it's more logically stored in iax.conf anyway), but unless
I do that Asterisk does not send a USERNAME to the receiving server and
thus the authentication is not very secure.
Is there a reason why Asterisk allows incoming IAX2 calls without
USERNAME specified at all?