This repository has been archived by the owner on Mar 22, 2023. It is now read-only.

Do not enable lt-cred-mech in coturn config #225

Open
wants to merge 1 commit into
base: master

basisbit
Contributor

lt-cred-mech cannot be used while use-auth-secret is specified. Current versions of coturn will not start and tell you that this is a wrong configuration. See coturn/coturn#360

@lonesomewalker
Contributor

Erm... I don't know what you are doing, but this runs VERY WELL on all of our servers...
And we run more than 10k worldwide.

@ffdixon
Member

ffdixon commented Jan 28, 2021

I did a couple hours of testing before updating bbb-install.sh with the newer coturn setup and didn't see any issues with running lt-cred-mech on Ubuntu 20.04.

@hex-m

hex-m commented Jan 28, 2021

This topic is also discussed in bigbluebutton/bbb-install#157 and #138.

My understanding is that lt-cred-mech is only necessary for Kurento to find out the public IP if the system is NATed. This manual suggests configuring the public IP in WebRtcEndpoint.conf.ini.

@znerol

znerol commented Feb 22, 2021

@ffdixon there seems to be a misunderstanding here. Kurento can use coturn in two different ways. Either stunServerAddress and stunServerPort can be configured. In that case there is no authentication performed at all when Kurento figures out its external address by communicating with coturn over the STUN protocol. No need to specify lt-cred-mech here.

However, when running Kurento with a TURN server configured using turnURL, it needs to authenticate via the TURN protocol when communicating with coturn. In that case it is necessary to specify lt-cred-mech and you need to hard-code username / password combinations in turnserver.conf. However, that only works if use-auth-secret is not enabled.

Note that turnserver.conf refers to TURN REST API and TURN Server REST API in some places. This is the authentication mode activated by use-auth-secret and used in virtually any WebRTC application (BBB, Jitsi, Matrix, Nextcloud Talk, ...).

lt-cred-mech does not do anything and should be commented out in order to reduce clutter in a config file which already exposes a very large number of confusing options.
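
Added example, not part of the pull request or of any comment above: a small Python check that flags a turnserver.conf in which lt-cred-mech or static user entries are active alongside use-auth-secret, the combination this thread is about. The sample configs, placeholder secrets and finding codes are constructed for illustration, and the parser assumes one option per line with # starting a comment.

```python
# Constructed sample configs; not bbb-install's actual turnserver.conf.
CONFLICTING = """\
# constructed sample
use-auth-secret
static-auth-secret=PLACEHOLDER-SECRET
realm=turn.example.org
lt-cred-mech
user=kurento:PLACEHOLDER-PASSWORD
"""

REST_ONLY = """\
use-auth-secret
static-auth-secret=PLACEHOLDER-SECRET
realm=turn.example.org
#lt-cred-mech
"""


def active_options(text):
    """Map each uncommented option name to the line numbers where it is set."""
    seen = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        name = line.partition("=")[0].strip()
        seen.setdefault(name, []).append(lineno)
    return seen


def lint_auth_modes(text):
    """Return sorted (lineno, code) findings for options that clash with use-auth-secret."""
    opts = active_options(text)
    findings = []
    if "use-auth-secret" in opts:
        # Per the PR description, current coturn versions will not start with both set.
        findings += [(n, "lt-cred-mech-with-use-auth-secret")
                     for n in opts.get("lt-cred-mech", [])]
        # Per znerol's comment, hard-coded users only work without use-auth-secret.
        findings += [(n, "static-user-with-use-auth-secret")
                     for n in opts.get("user", [])]
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code in lint_auth_modes(CONFLICTING):
        print(f"line {lineno}: {code}")
```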
