[Asterisk-Dev] Pluggable authentication for assorted channels

Olle E. Johansson oej at edvina.net
Tue Oct 28 00:18:20 MST 2003


James Sharp wrote:

> I'd like people's input on this (better ideas are encouraged!)
> 
> I've got a client who wants LDAP authentication added to chan_sip.  I was
> poking at it for a while, then decided "Hey, why not just add an
> abstraction layer for authentication that could be used for any other
> authentication?".
> 
> So I mulled over it a bit and came up with this:
> 
> Add a built-in to * for all of this...call it ast_pam_auth for lack of a
> better name.  You call it with a variable set of arguments which details
> your request from the PAM system.  The prototype looks something like
> this:
See
http://www.voip-info.org/tiki-index.php?page=Asterisk+password+files
where I recently tried to document places where Asterisk have authentication
of some kind. I'm not sure I've covered all places, but it is quite a few.

So there's some groundwork to do with users and roles and groups here,
before we do the actual connections to some other authentication platform,
be it SASL, PAM, LDAP, SQL or something else.

One small but important fact is that a user needs a pin code for identification
over voice lines (DTMF) and maybe something stronger for other types of
authentication, like the manager interface.

We might want to explore if there's a way to connect groups with contexts.
Regardless if I authenticate as a SIP or MGCP user, I belong to the same context.

Just some thoughts...

/O




More information about the asterisk-dev mailing list