[Asterisk-Users] User authentication and privileges

C F shmaltz at gmail.com
Mon Sep 5 20:57:06 MST 2005 

What you are asking is to design a complete asterisk system, which is
not what this list will do for you, I'll try to get you started for
the rest please use the handbook, and the wiki.
The wiki is located at: http://www.voip-info.org/wiki-asterisk
I'll just talk about the authenticate, and vmauthenticate (only
available in HEAD) apps
http://www.voip-info.org/wiki-asterisk+cmd+authenticate
http://www.voip-info.org/wiki-asterisk+cmd+vmauthenticate

Both have the same idea to authenticate a user and if it doesn't match
jump to + 101.
In the case of VMAuthenticate it will use the voicemail.conf file
which allows the user to change the pasword without calling the amdin
using the voicemailmain app (that the admin has to first setup an
extension to access it). Yes you could just make use of VoiceMail for
the VMAuthenticate without the features of the messaging (as well as
just directory) by making sure that:
You don't have in the dialplan for these extensions any voicemail commands.
You set maxmsg (I think HEAD only) to 0
then in the dialplan you can use something like this (if you want to
make sure they enter the password before the phone number:
I'm assuming the callerid of the caller matches the extension in
voicemail.conf, and that what follows after the star is fixed length 7
digits (you could change it around for variable length, but I'm
writing this with fixed).

exten => *XXXXXXX,1,VMAuthenticate(${CALLERIDNUM}@${CONTEXT})
exten => *XXXXXXX,2,DoWhateveryouwanthere
exten => *XXXXXXX,102,Playback(custommassageexplainingauthorizedusersonly)


On 9/5/05, Mark Elkins <mje at posix.co.za> wrote:
> I want to authenticate a user before he is able to use the phone. I also
> want to set his privilege as to where he is allowed to call to...
> 
> Preferably, the password should be their VoiceMail password,  (every
> extension (or is that user?) can have voicemail defined - even if its
> not in use?)
> 
> ...one should be able to enter the password (variable length) as part of
> the dial sequence - eg the number to call is 0113140077 and the password
> is 1234 so dial something like *1234*0113140077 (no prompting!) and what
> should be written to the Accounts file should rather be the extension
> that that password is good for... (effectively - the User).
> This way, using voicemail.conf, users can manage their own passwords.
> 
> I've seen some wiki stuff on AGI's that allow one to glean for user
> passwords..
> 
> If the system is smart (and the user not so), after dialing a trunk that
> needs a password and none were provided - then asterisk can prompt for
> it.
> 
> It would also be cool if certain extensions did not need a password...
> (phone in MD's office?, Switchboard, Fax (maybe)) - this needs a flag
> against the extension - which could be a Privilege Flag.
> 
> Privilege Flag: (suggestion)
> 0=internal calls (and emergency/911)
> 1=local calls
> 2=long distance
> 3=cellular
> 4=no barring at all (international)
> 
> (Somehow need to Tag the class (privilege level) that a number falls
> into)
> 
> Then what about an additional field in the voicemail.conf file that
> specifies what privilege a person has - ie from a phone with zero
> privilege, a user with priv 4 can use his password to make an
> international call...
> 
> I say "user" rather than "extension" because a user should be able to
> call from any extension with their own password - the user has the
> restriction - not the extension.
> 
> Anyone got anything like this?
> 
> --
>   .  .     ___. .__      Posix Systems - Sth Africa.  e.164 VOIP ready
>  /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
> 
> _______________________________________________
> --Bandwidth and Colocation sponsored by Easynews.com --
> 
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list