[asterisk-dev] SIP users authentication ...

Mauro Sergio Ferreira Brasil mauro.brasil at tqi.com.br
Mon Aug 24 07:14:06 CDT 2009 

Hello there!

I've sent this message some time ago, and I've got no answer since then.

Can you please give me a reply discarding the idea, or commenting it on 
any way ?
I think this could be usefull to anyone that want to have different ways 
to perform SIP authentication (and maybe IAX as well).

Thanks and best regards,
Mauro.




Mauro Sergio Ferreira Brasil escreveu:
> Hi Olle!
>
> Let's consider that our customer, that want's at all costs to have 
> this authentication being performed by Asterisk (on a different 
> fashion than provided by current alternatives), allow us to engage an 
> effort to implement some authentication API.
>
> First question that comes to mind is how common could be the use of 
> such API? I mean, as long as I could see, SIP and IAX channels could 
> use such resource. Is this feature extendable to other channels?
> The really important question: should we develop a structured 
> authentication API (with register/unregister/access methods), or just 
> create an authentication resource and use it on necessary channels 
> without the "knowledge" of Asterisk as it was done so far?
>
> If you decide to implement an authentication API (and I strongly vote 
> for that), will it be easy to define the interface in order to be able 
> to perform authentication on the way needed by each channel ? Or maybe 
> to point out a set of parameters that will be enough for all current 
> and future authentication needs (like userid, password, domain, etc) ?
> For example: SIP provides a challenge mechanism based on HTTP 
> authentication, and for it we need only userid, password and domain. 
> But, how authentication works for the others "channel entitites" (IAX, 
> etc) ?
>
> How about an initial set of methods like this:
>
> struct channel_auth_engine
> {
>     void authenticate(const char* userid, const char* password, const 
> char* domain);  ***
> };
>
> *** Maybe we can define a method signature for each type of channel 
> (like: "sip_authenticate", "iax_authenticate", etc) with their 
> different needs of parameters;
>
> ast_channel_auth_engine_register (file main/channel_auth.c): receives 
> a "channel_auth_engine" pointer and a "char *" with the name of the 
> channel (like SIP, IAX, etc) on which this engine should be used, and 
> registrate it;
> ast_channel_auth_engine_unregister (file main/channel_auth.c): 
> unregistrate a channel auth engine;
> ast_channel_auth_engine_get (file main/channel_auth.c): receives a 
> channel name (like SIP, IAX, etc) and returns it's registered auth 
> engine, if any;
>
> On this initial view, I was not considering the possibility of someone 
> wanting to handle authentication differently on one same Asterisk 
> instance, so it will exist only one channel auth engine per channel type.
> And this suggestion is intended just to provide additional, and/or 
> proprietary authentication handling to "channel entities".
>
> Any comments, ideas, disagreements ?
>
> Thanks and best regards,
> Mauro.
>
>
>
>
>
> Olle E. Johansson escreveu:
>> 7 aug 2009 kl. 22.58 skrev Mauro Sergio Ferreira Brasil:
>>
>>   
>>> Hello there!
>>>
>>> I was having a look on alternative ways to handle SIP users  
>>> authentication other than local/static and through ARA when I found  
>>> ticket "https://issues.asterisk.org/view.php?id=5424".
>>> Unfortunately this ticket was put on hold since 2007.
>>>
>>> I found other people with similar needs than mine, that is a way to  
>>> make Asterisk use external means (mostly some sort of server) to  
>>> authenticate SIP users, and it seems that it could be usefull to IAX  
>>> users as well.
>>>
>>> The question is: Why has this ticket got abandoned? Not enough  
>>> people interested? Not enough people/time available to handle it?
>>>     
>>
>> Yes, yes.
>>
>> /O
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
>> Register Now: http://www.astricon.net
>>
>> asterisk-dev mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>>
>>
>>   
>
> -- 
> __At.,                                                                                                                             
>    _
>  
> *Technology and Quality on Information*
> Mauro Sérgio Ferreira Brasil
> Coordenador de Projetos e Analista de Sistemas
> + mauro.brasil at tqi.com.br <mailto:@tqi.com.br>
> : www.tqi.com.br <http://www.tqi.com.br>
> ( + 55 (34)3291-1700
> ( + 55 (34)9971-2572
>

-- 
__At.,                                                                                                                             
   _
 
*Technology and Quality on Information*
Mauro Sérgio Ferreira Brasil
Coordenador de Projetos e Analista de Sistemas
+ mauro.brasil at tqi.com.br <mailto:@tqi.com.br>
: www.tqi.com.br <http://www.tqi.com.br>
( + 55 (34)3291-1700
( + 55 (34)9971-2572

More information about the asterisk-dev mailing list