I’m running Asterisk 1.4.0 ond Fedora Core 6. I found out, that Asterisk seems to not warn about unknown parameters in sip.conf. This is even though I ran it with very high debug output and verbosity and I also turned on debug logging in logger.conf and sipdebug in sip.conf. Normally it wouldn’t matter to me if I could insert anything into sip.conf and Asterisk will just read over it.
The reason, I think a warning about unknown parameters would be necessary is: When I accidently mistype the parametername “secret”, users are able to login without a password, which I regard as a security-risk.
Is there any way to A warn about unknown parameters in sip.conf and/or B setting a general parameter, which would not permit the creation of users without a secret (or even better, specifying a minimum password strength for secret)?
Thanks to all
Excellent point. This is a good bug report. Go file a bug.
In the meanwhile, you can run a simple parser to warn about a user section without secret - or even secret length.