[asterisk-dev] AstriDevCon Follow Up - Asterisk and Kamailio - smoother integration
Matthew Jordan
mjordan at digium.com
Wed Mar 11 16:11:16 CDT 2015
On Wed, Mar 11, 2015 at 3:31 PM, Olle E. Johansson <oej at edvina.net> wrote:
>
>>>
>>> So far most of authorization between Kamailio and Asterisk relies on IP
>>> addresses, but those need to be provisioned one by one in both sides. The
>>> new module is practically adding a custom header with a hash over parts of
>>> the message or other environment attributes (eg., IP address) and a shared
>>> secret. The www-digest with username and password has the overhead of an
>>> extra round of signaling messages, but also the constraint on CSeq increment
>>> after the challenge. Also, the MD5 is rather weak hashing these days.
>>>
>
> Why can't this be done in the dialplan? This is exactly why I implemented the MD5
> dialplan stuff in Asterisk years ago. We need something else than MD5 today,
> but still - both Asterisk and Kamailio can handle it without modules or extra coding...
>
> The IETF is working on OAUTH authentication for SIP - which is the solution
> we really want to look into - not copy weak auth from the API world... :-)
Do you really want to spin up a PBX thread for every single request
that fails authentication?
--
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
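
The scheme described in the quoted text (a custom header carrying a hash over parts of the message, the IP address and a shared secret), sketched as an added example that is not code from this thread or from either project. It uses HMAC-SHA256 as the keyed hash; the header name, the chosen fields and the 30-second validity window are assumptions.

```python
import hashlib
import hmac
import time

# Hypothetical header name and field choice; the thread does not specify them.
AUTH_HEADER = "X-Auth-Token"
MAX_SKEW = 30  # seconds a token stays valid (assumed value)


def _digest(secret: bytes, call_id: str, from_tag: str, src_ip: str, ts: int) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    parts = [call_id, from_tag, src_ip, str(ts)]
    msg = b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign(secret, call_id, from_tag, src_ip, now=None):
    """Sending side: build the header value '<timestamp>.<hex digest>'."""
    ts = int(time.time() if now is None else now)
    return f"{ts}.{_digest(secret, call_id, from_tag, src_ip, ts)}"


def verify(secret, token, call_id, from_tag, src_ip, now=None):
    """Receiving side: src_ip is the address it observed, not one from the message."""
    now = int(time.time() if now is None else now)
    ts_text, sep, digest = token.partition(".")
    if not sep or len(ts_text) > 12 or not (ts_text.isascii() and ts_text.isdigit()):
        return False  # malformed token, rejected before any hashing
    ts = int(ts_text)
    if abs(now - ts) > MAX_SKEW:
        return False  # stale token, or a replay outside the window
    expected = _digest(secret, call_id, from_tag, src_ip, ts)
    # Compare as bytes in constant time; a non-ASCII digest must not raise.
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    key = b"constructed-shared-secret"
    value = sign(key, "a84b4c76e66710", "1928301774", "192.0.2.10")
    print(f"{AUTH_HEADER}: {value}")
    print(verify(key, value, "a84b4c76e66710", "1928301774", "192.0.2.10"))
```

The check is stateless and needs no challenge round trip, so a request with a bad or missing token can be rejected before any per-call resources are allocated.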