[asterisk-bugs] [JIRA] (ASTERISK-21277) stasis-http authentication
David M. Lee (JIRA)
noreply at issues.asterisk.org
Fri Mar 15 09:42:03 CDT 2013
David M. Lee created ASTERISK-21277:
---------------------------------------
Summary: stasis-http authentication
Key: ASTERISK-21277
URL: https://issues.asterisk.org/jira/browse/ASTERISK-21277
Project: Asterisk
Issue Type: New Feature
Security Level: None
Components: Core/Stasis, Resources/res_stasis_http
Reporter: David M. Lee
{{stasis-http}} currently does no authentication checking. The, needless to say, is a Bad Thing™.
We should support:
* HTTP Basic authentication
* {{crypt(3)}} encrypted password
* Password-less authentication (logging in using ?api_key=username)
* Read-only users
The sample config should be something like this:
{code:none}
;[user-username]
;read_only = no ; When set to yes, user is only authorized for
; ; read-only requests
;
; If a password is specified, user must authenticate using HTTP Basic
; authentication. If no password is specified, then the user may authenticate
; simply by adding ?api_key=username to their requests.
;
;password = ; Crypted or plaintext password (see crypt_password)
;
; crypt_password may be set to crypt (the default) or plain. When set to crypt,
; crypt(3) is used to encrypt the password. A crypted password can be generated
; using mkpasswd -m sha-512.
;
; When set to plain, the password is in plaintext
;
;crypt_password = crypt
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list