Device Authentication Call Server Configuration
Polycom, Inc. 265
Shared Outbound Authentication On the Shared Outbound Authentication tab, you can maintain the Call
Server’s general list of authentication credentials, which it uses to authenticate
itself on behalf of calling devices to external SIP peers for which the
appropriate device-specific credentials haven’t been defined.
The Call Server intercepts and responds to authentication challenges from SIP
peers on behalf of some or all devices calling though the Call Server. This
feature allows authentication security between the Call Server and its peers to
be completely separate from security between the endpoints and the Call
Server.
When you add an external SIP peer, you can specify whether the Call Server
handles challenges (401 and 407) on behalf of the source of the call or passes
them on to the source of the call. You can also define authentication credentials
specifically for that SIP peer. See “Add External SIP Peer Dialog Box” on
page1 09.
The following table describes the fields on the Device Authentication page.
Note
For H.323, when you add a neighbor gatekeeper, you can configure the system to
send its H.235 credentials when it sends address resolution requests to that
gatekeeper. See “Add External Gatekeeper Dialog Box” on page104.
Table10-16 Fields on the Device Authentication page
Field Description
Inbound Authentication
SIP device
authentication settings
Use default realm This option, the default, sets the realm for the Call
Server to the cluster’s domain as specified on the
Network Settings page (allowing each cluster of a
supercluster to have its own realm). If no domain is
specified on the Network Settings page, the default
realm value is
sip.dma
.
Clear the check box to change the string in the Realm
field.
Realm The realm string in an authentication challenge tells the
challenged device the protection domain for which it
must provide credentials.
Generally, it includes the domain label of the Call
Server. See RFC2617 and RFC 3261.
If you specify a realm instead of using the default, the
realm you specify is used for all clusters in the
supercluster.