Unintended user authentication


#1

Hello!
In some of my tests with asterisk I found out some very strange bahavior regarding to user authentication. Here is my test scenario:

I have one Linksys PAP2 (that have two distinct lines) connectect to my server.
The configuration is this:

LINE1:
proxy => My asterisk server
username => pap11
password => pap11

LINE2:

proxy => My asterisk server
username => pap12
password => pap12

In my sip.conf i have this:
[general]
context = alone

[pap11]
type=friend;
secret=pap11
insecure=very
host=dynamic
canreinvite=yes
context = call

in the extension.conf i have

[alone]
; no one to call

[call]

exten => 2,1,BackGround(demo-moreinfo)
exten => 2,n,Goto(s,instruct)

as u can see, there’s no pap12 user, so, as pap12 will not register itself it will fall into alone context, so cannot call anywhere… the line 1 (pap11) will register and use the call context, so it can call the demo message. ok, here is the problem

as both lines is in the same PAP2 they have the same IP address… so, line 1 will register itself and, for an unknown reason (for me), Line 2 will get an error while registering (that is right) but will fall into the call context, just like line 1.
This is a serious problem for sure, and I cant figure out why this is happening, probably asterisk link both by the IP address…
another test I made was to create the user pap12 and force the alone context to it, and it works like it should be!

anyone here noticed this behavior too??

regards

Carlos Barros