[asterisk-users] SKYPE - Authenticate incoming call

Kevin P. Fleming kpfleming at digium.com
Fri Jul 16 08:46:35 CDT 2010


On 07/15/2010 08:57 PM, Neeraj Chand wrote:
>>>
>>>
>>> Hi All, 
>>>
>>> After getting licences for Skype for asterisk a while ago I finally
> got
>>> around to setting up a server with two channels and setting up a bcp
> on
>>> the skype end. 
>>>
>>> The idea behind this is the following: 
>>>
>>> Users can dial into the PBX, get authenticated and only after>
>>> authentication get access to internal PBX extensions. 
>>>
>>> I CAN do this with a PIN, no sweat, but from a user perspective it
>>> becomes a bit clunky, i.e. password to remember, security in terms of
>>> pin leaks, multiple passwords for users, etc. 
>>>
>>> I was wondering if there was a way I could extract the "FROM - USER"
> and
>>> assign it to a variable, then do a lookup of that username in a
> database
>>> using ODBC to decide whether to allow or disallow access. 
>>>
>>> NOTE: The bit I need help with is extracting the "FROM - USER" the
> rest
>>> of the stuff I've done already / before.  
> 
>> None of this is necessary; Skype already supports restricting to calls
>> to only coming from users on the buddy list. So, if your PBX is
>> connecting to the Skype network as user 'A', and your remote users are
>> 'B' and 'C', then *don't* setup SFA to allow calls from anyone, and
>> don't set it up to automatically add users to the buddy list when they
>> request it. Instead, manually add users B and C to A's buddy list
> (using
>> a regular Skype client), and those are the only users that will be able
>> to call A.
>>
>> -- 
>> Kevin P. Fleming
> 
> I know that already, it's a matter of convenience. 
> If I go that way, then I have to manually log in to skype, and add maybe
> 50 / 60 users to each new user that I create [these are personal staff
> accounts that wont be logged into the asterisk server via SFA, and are
> not part of the group set up in BCP]
> If there's something I can do on the asterisk end, then management
> becomes *very* simple --> func_odbc+freetds+MS_SQL+PHP = web page to
> manage users & access. 

I really don't understand this at all; this does not match up with what
you originally posted. Your Asterisk server should be using *one*
account to log in to the Skype network via SFA, and only that account
needs to have the list of authorized callers added as buddies. These
Skype users can then call into your PBX and access the 'internal
extensions' as you put it in your first message.

Now, if you actually mean your Asterisk server is going to be logging in
to the Skype network with many accounts (one for each extension), then
your best option would be to use the built-in buddy authentication
mechanism in SFA, where the Skype user who wants to be able to call
sends a buddy authentication request to the SFA user they wish to call,
including a special 'password' phrase in the buddy request. When this
request is received by SFA the buddy request will be honored, and that
user can then call that SFA user. If the password phase is not received
in the buddy request, it is ignored (or rejected, I can't remember which).

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org



More information about the asterisk-users mailing list