Hello, everybody! Sorry if the issue was already discussed - there are timeouts when searching in the archive so I cannot check. I would like to strenghten security of RAS communication. CallUnregisteredEndpoints feature seems to be not implemented (GK always sends ACF regardless the other side (caller or callee) is registered in GK or not). Adding a piece of code supporting this feature in AdmissionRequest::Process seems to be easy, but it makes no sense when only a simple security is used - unauthorized and unregistered EP could pass a known endpoint's alias as its own and GK would allow the other EP (registered) to establish the connection. The option to strenghten the security is to use cryptotokens, am I right? There is hardly any information about it in the documentation. I've recompiled gnugk with support of openssl (required?) but not changed ohphone (I found in its changelog: 2001-08-10 05:06 robertj main.cxx: No longer need SSL to have H.235 security.) Which entity should require strong security with cryptotokens, is it GK? Should it return in the GCF the authentication method? How to enable it? At the moment ohphone in GRQ sends two items in authenticationCapability: authenticationBES and pwdHash, the GK responds in GCF: authenticationBES:radius. So it seems to me that EP is ready to support cryptotokens, but GK does not require this. I would be grateful for any help. With best regards, Lukasz ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
