[asterisk-bugs] [Asterisk 0005424]: [patch] SIP peer authentication on an external database (RADIUS - LDAP)

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Aug 2 03:33:45 CDT 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=5424 
====================================================================== 
Reported By:                phsultan
Assigned To:                oej
====================================================================== 
Project:                    Asterisk
Issue ID:                   5424
Category:                   Channels/chan_sip
Reproducibility:            N/A
Severity:                   feature
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases): trunk 
SVN Revision (number only!): 54702 
Disclaimer on File?:        Yes 
Request Review:              
====================================================================== 
Date Submitted:             10-11-2005 08:44 CDT
Last Modified:              08-02-2007 03:33 CDT
====================================================================== 
Summary:                    [patch] SIP peer authentication on an external
database (RADIUS - LDAP)
Description: 
We have been working on integrating an existing authentication database to
our Asterisk server, for a remote access telephony solution.

We focused on RADIUS and patched Asterisk to have it working. We are
planning to have a backend LDAP server accessed through RADIUS for
authentication in a near future.

The sip.conf file does not contain any secret (clear or hashed), and we
added an attribute 'auth_type' that specifies the type of authentication,
set to PAM in the following example :

	[username]
	type=friend
	context=from-sip-remote-clients
	fromdomain=inria.fr
	auth_type=pam
	host=dynamic



We patched the chan_sip.c file, $Revision: 1.872$. We actually brought the
RADIUS client functionnality for authentication (triggered on registration)
using a PAM module : pam_radius. This is because we expect that other PAM
authentication modules than pam_radius could be used for the same purpose.

The pam_radius module needed also some slight modifications in order to
handle the digest authentication mechanism :
http://bugs.freeradius.org/show_bug.cgi?id=259

We would like to have some feedback about this, thank you in advance.

Best regards, happy Astricon to those concerned!

Philippe Sultan
INRIA

PS : Disclaimer sent on 2005-09-30
====================================================================== 

---------------------------------------------------------------------- 
 okrief - 08-02-07 03:33  
---------------------------------------------------------------------- 
It seems that several enhancements to original patch scope are added now
and then.

I'm wondering if we should better focus on testing original patch, have it
committed to trunk ASAP and keep further improvements to next release
cycle.

This patch has already a long history and we need SIP authentication on an
external database now.

How could we add IAX authentication or PAM or whatever if don't start now
to gather field experience.

So, does the original patch work for you ? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-02-07 03:33  okrief         Note Added: 0068300                          
======================================================================




More information about the asterisk-bugs mailing list