[asterisk-bugs] [Asterisk 0005424]: [patch] SIP peer authentication on an external database (RADIUS - LDAP)
noreply at bugs.digium.com
noreply at bugs.digium.com
Thu Aug 2 01:21:50 CDT 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=5424
======================================================================
Reported By: phsultan
Assigned To: oej
======================================================================
Project: Asterisk
Issue ID: 5424
Category: Channels/chan_sip
Reproducibility: N/A
Severity: feature
Priority: normal
Status: feedback
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 54702
Disclaimer on File?: Yes
Request Review:
======================================================================
Date Submitted: 10-11-2005 08:44 CDT
Last Modified: 08-02-2007 01:21 CDT
======================================================================
Summary: [patch] SIP peer authentication on an external
database (RADIUS - LDAP)
Description:
We have been working on integrating an existing authentication database to
our Asterisk server, for a remote access telephony solution.
We focused on RADIUS and patched Asterisk to have it working. We are
planning to have a backend LDAP server accessed through RADIUS for
authentication in a near future.
The sip.conf file does not contain any secret (clear or hashed), and we
added an attribute 'auth_type' that specifies the type of authentication,
set to PAM in the following example :
[username]
type=friend
context=from-sip-remote-clients
fromdomain=inria.fr
auth_type=pam
host=dynamic
We patched the chan_sip.c file, $Revision: 1.872$. We actually brought the
RADIUS client functionnality for authentication (triggered on registration)
using a PAM module : pam_radius. This is because we expect that other PAM
authentication modules than pam_radius could be used for the same purpose.
The pam_radius module needed also some slight modifications in order to
handle the digest authentication mechanism :
http://bugs.freeradius.org/show_bug.cgi?id=259
We would like to have some feedback about this, thank you in advance.
Best regards, happy Astricon to those concerned!
Philippe Sultan
INRIA
PS : Disclaimer sent on 2005-09-30
======================================================================
----------------------------------------------------------------------
skvidal - 08-02-07 01:21
----------------------------------------------------------------------
I've been trying to figure out if this set of patches is generic enough to
support general pam authentication. Something like what I've described
here:
http://forums.digium.com/viewtopic.php?p=55222
the gist of it is: if the user has a system account (auth'd by pam) then
they also have an asterisk account for users.conf purposes.
-sv
Issue History
Date Modified Username Field Change
======================================================================
08-02-07 01:21 skvidal Note Added: 0068295
======================================================================
More information about the asterisk-bugs
mailing list