BradZA / outcall

Automatically exported from code.google.com/p/outcall

Security in manager.conf #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

Not sure if this is the right place or not, but the outcall www site says
this is its "forum"..

I don't like adding generic grant-all access to applications in
manager.conf, so which read/write permissions are *actually* needed? I.e.
why does it need "system"?

Also - is there any way I can lock down a user's access to just their
settings? E.g., it looks like outcall can place calls to any Extension, which
might lead to end-users mis-configuring settings and putting calls to other
people's extensions (I know this is an A*k config issue though).

Thanks

Adrian

Original issue reported on code.google.com by mradrian...@gmail.com on 21 Jul 2008 at 10:48

GoogleCodeExporter commented 8 years ago
"system" privilege is needed for the "outcall-auth" setup (you can find it on
the download page), which is, by the way, the answer to your second question
about restricting users to their extension only.
OutCALL-auth requires the user to authenticate itself with the extension's
username and secret. That is why the "system" privilege is required. There is
one problem here. In order to authenticate successfully, the extension must be
defined as "user" and not as "peer", otherwise you will not be able to
authenticate. It's because there is no way to check the secret for extensions
defined as "peer" through Asterisk Manager.

Original comment by denis.ko...@gmail.com on 31 Jul 2008 at 7:47

GoogleCodeExporter commented 8 years ago
manager.conf configuration:

In OutCALL you need only "call" permission
In "OutCALL-auth" you need "call" and "system" permissions

Denis

Original comment by denis.ko...@gmail.com on 31 Jul 2008 at 9:50
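
An added example (not code from OutCALL or from anyone in this thread): a small audit that parses manager.conf and reports accounts granting more permission classes than the two comments above list. The account names, the sample file and the choice to apply the listed classes to both read= and write= are assumptions.

```python
import re

# Classes the thread says each client needs; applying them to both read= and
# write= is an assumption, since the thread does not distinguish the two.
NEEDED = {"outcall": {"call"}, "outcall-auth": {"call", "system"}}

# Constructed sample manager.conf; account names and secrets are placeholders.
SAMPLE_CONF = """\
[general]
enabled = yes
[outcall]            ; hypothetical account for plain OutCALL
secret = CHANGE_ME
read = call
write = call,system  ; broader than plain OutCALL needs
[outcall-auth]       ; hypothetical account for OutCALL-auth
secret = CHANGE_ME
read = call,system
write = call,system
[legacy]             ; hypothetical grant-all account
secret = CHANGE_ME
read = all
write = all
"""

def parse_manager_conf(text):
    """Return {account: {"read": set, "write": set}} from manager.conf text."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        section = re.match(r"\[([^\]]+)\]", line)
        if section:
            current = section.group(1)
            if current != "general":                 # [general] is not an account
                accounts[current] = {"read": set(), "write": set()}
        elif "=" in line and current in accounts:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in ("read", "write"):     # also copes with 'key => value'
                accounts[current][key.lower()] = set(re.findall(r"[a-z]+", value.lower()))
    return accounts

def excess_permissions(accounts, needed=NEEDED):
    """Map (account, direction) -> sorted classes beyond the needed set."""
    return {(name, d): sorted(perms[d] - needed.get(name, set()))
            for name, perms in accounts.items() for d in ("read", "write")
            if perms[d] - needed.get(name, set())}

if __name__ == "__main__":
    for (name, d), extra in excess_permissions(parse_manager_conf(SAMPLE_CONF)).items():
        print(f"{name}: {d} grants unneeded {', '.join(extra)}")
```

Accounts that are not in NEEDED are treated as needing nothing, so every class they grant is reported.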

GoogleCodeExporter commented 8 years ago

Original comment by denis.ko...@gmail.com on 13 Sep 2010 at 10:58