asterisk users - Feb 2006 - Question on SIP authentication with users from OpenSER

Hi,

We are using Asterisk 1.2.3 with RealTime for PSTN and Voicemail where 
users register with an OpenSER cluster (2 nodes currently).

When they request PSTN they are forwarded to * where they have entries 
in SIP realtime database. This ensures that they get their correct 
CallerID and context, etc.

This is working fine at present, where I have the SIP users set up with 
the following relevant SIP entries:

                           name  username
                       callerid  "User" <XXXXXXX>
                    canreinvite  no
                        context  context
                       dtmfmode  RFC2833
                           host  87.232.1.16
                       insecure  port
                           type  friend
                       username  username


Note that I have set the host to the IP of the OpenSER server, and there 
is no secret.

I have the OpenSER servers set up as peers also.

My questions are:

1. Is this the best way to to set this up?

2. I have many users, and I need to be certain that a) the username 
exists and b) that the request came from one of our OpenSER servers. 
Will the above ensure that both the username AND the host are correct? I 
have seen instances where if I have a static SIP entry with the same 
host= line, a non-existent user will be accepted as this static user.

3. How can have more than one possible host= setting for a user (i.e. 
they could come in from either of our OpenSER servers.


Thanks!

-- 

-Barry Flanagan