[asterisk-dev] [Code Review] SIP authentication support

Hans Witvliet asterisk at a-domani.nl
Mon Feb 11 14:33:44 CST 2013

-----Original Message-----
From: Joshua Colp <jcolp at digium.com>
Reply-to: Asterisk Developers Mailing List
<asterisk-dev at lists.digium.com>
To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
Subject: Re: [asterisk-dev] [Code Review] SIP authentication support
Date: Mon, 11 Feb 2013 09:37:01 -0400

Hans Witvliet wrote:
> Perhaps a long shot, but why can't asterisk use use the authentication
> methods already existing on systems?
> Something like pam_asterisk ?
> If possible, you could use anything (pwd, ldap, kerberos, pkcs11, ...)
> Or do i over-simplify things...

The discussion that Mark and Olle were having was referring to the 
authentication between the end device (a SIP phone for example) and the 
new SIP work within Asterisk. There are defined standards for doing 
that, that both have to implement.

PAM is really for what you are authenticating against. IE: I want to 
authenticate using LDAP for my credentials. That has nothing to do with 
the actual communication with the end device. (Disclaimer: Depending on 
the actual PAM module in use this can be untrue.)

-----Original Message-----

Ok Joshua, perhaps i used the wrong phrase..
I got the impression that the complete authentication-machine is getting
re-implemented again...

For logging in interactively or accessing restricted webpages and so on,
you can use the same methods, apache only had to provide the
(mod_auth_xxx) hooks, they didn't re-implement it all over again. So i
wondered if the same analogy could be applied to Asterisk: just the
hooks (that is: the communication with the sip/iax/whatever-user) 

There should be a more efficient way than storing/retrieving/validating
passwords/hashes in an config file, not?


More information about the asterisk-dev mailing list