Asterisk Realtime Authentication


I have configured my Asterisk IAX and SIP users in a database and they are supposed to be authenticated by passwords which are md5 encrypted and stored in the realtime tables as well. I, however, noticed the user/password combinations are not verified by asterisk when the users place calls. The username alone is enough to get calls through the system and this is unsatisfactory for me since it is a potential security loop-hole.

Any pointers to what I am missing out? A flag I possibly have to switch to get the password authentication process active? I will be very grateful for any hints.


Is the context that you are using for outbound calls (for your users) the same as what you have as set for default in sip.conf ? It can be that the system is accepting all calls. Change the default context in sip.conf and see what happens.

Hi Pedros09,

How did you configur your SIP user using database? Would you like to shed some light or post here a link that I can study more?