[asterisk-dev] chan_sip: configurable peer username in digestauthentication
Olle E. Johansson
oej at edvina.net
Mon Feb 1 06:29:33 CST 2010
1 feb 2010 kl. 12.07 skrev Nick Lewis:
> I agree that "authuser" would be suitable for this OP case (where
> realm=domain) but think that in general there may be many peers in a
> remote realm. Therefore perhaps there should be a conf structure (with
> atomic elements please) for use with outbound authentication to realms
> so that the realm based authentication can be divorced from specific
> peer definitions e.g.
Check the [authentication] section...
>
> [remote-realm-name-1]
> type=remoterealm
> authuser = my-account-for-realm-name-1
> remotesecret = my-password-for-realm-name-1
>
> [remote-realm-name-2]
> type=remoterealm
> authuser = my-account-for-realm-name-2
> remotesecret = my-password-for-realm-name-2
>
> [peername]
> etc...
>
>> There's already some bad code in chan_sip to match on
>> digest auth user that potentially could mess this up.
> Does the global_match_auth_username really do a peer match on authuser?
> I had assumed that it only ensured that the authuser rather than
> userinfo part of the request-uri was used in authentication. Yelp - I
> need to disable this behaviour for type=service sharpish.
Yep. That patch wasn't well architectured - and one of the reasons why I think we should freeze the current types and just reboot with a fresh architecture document that we all agree upon.
/O
>
> -- N_L
>
> _____________________________________________________________________
> This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre.
> _____________________________________________________________________
> Disclaimer of Liability
> ATL Telecom Ltd shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyones use of the information. In no event shall ATL Telecom Ltd be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this system, even if advised of the possibility of such damage.
>
> Registered Office: ATL Telecom Ltd, Fountain Lane, St. Mellons Cardiff, CF3 0FB
> Registered in Wales Number 4335781
>
> All goods and services supplied by ATL Telecom Ltd are supplied subject to ATL Telecom Ltd standard terms and conditions, available upon request.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
---
* Olle E Johansson - oej at edvina.net
* Cell phone +46 70 593 68 51, Office +46 8 96 40 20, Sweden
More information about the asterisk-dev
mailing list