|Summary:||ASTERISK-15539: [patch] Add support for configurable peer username in digest authentication|
|Reporter:||Pietro Bertera (pbertera)||Labels:|
|Date Opened:||2010-01-28 07:31:17.000-0600||Date Closed:||2011-06-07 14:00:54|
|Environment:||Attachments:||( 0) chan_sip-challengeuser.diff|
|Description:||This patch add the ability to create different peers with same digest credentials.|
I added a new peer parameter "challengeuser" that defines the username used during digest authentication.
this way you can define multiple peer with same digest credentials.
The peer definition in sip.conf:
This is the authenticated INVITE matching the peer pietro: the dighest fields is generated using challengeuser parameter.
Via: SIP/2.0/UDP 172.20.101.110;rport;branch=z9hG4bKxzadkqei
From: "Pietro" <sip:firstname.lastname@example.org>;tag=vtrqd
CSeq: 184 INVITE
Authorization: Digest username="myauthuser",realm="domain.it",nonce="1bc80fe1",uri="sip:email@example.com",response="f5687eb90387b69013a217e2a15821ef",algorithm=MD5
|Comments:||By: Leif Madsen (lmadsen) 2010-01-28 10:23:48.000-0600|
I'm going to confirm this issue for now and request that you bring this up on the mailing list in order to gauge the interest for this feature from the community. It is possible there may be some developers who would prefer this feature be implemented differently, or perhaps there is some reason this feature shouldn't exist -- or perhaps you'll get the blessing from everyone as this being a useful feature :)
I think this would be appropriate to bring up on the asterisk-dev mailing list for discussion. Thanks!
By: Olle Johansson (oej) 2010-01-29 02:29:01.000-0600
Can you explain a use case for me, please?
By: Leif Madsen (lmadsen) 2010-01-29 12:28:20.000-0600
Switched to feedback while waiting on the reporter.
By: Pietro Bertera (pbertera) 2010-01-29 16:42:06.000-0600
I need this feature to authenticate incoming calls from a Cisco CUCM cluster.
CUCM permit to define only one global credential for for all hosts in cluster
By: Olle Johansson (oej) 2010-01-30 02:31:41.000-0600
Also check discussions on the asterisk-dev mailing list.
By: Leif Madsen (lmadsen) 2010-03-23 10:40:34
What is the status on this issue? Keep, throw away, more discussion needed?
By: John Todd (jtodd) 2010-04-27 13:36:15
Olle, is there any progress or status on how to move forward with this or abandon the patch?
By: Pietro Bertera (pbertera) 2010-05-06 10:52:29
Jtodd, I do not know what to say. my latest requests on the mailing list are unanswered:
By: Olle Johansson (oej) 2010-05-06 10:56:51
We already have this with realm based auth. I am not convinced that this is a better way, so at this moment i think we should abandon it.
By: Leif Madsen (lmadsen) 2010-05-10 11:14:09
Since I'm deferring to Olle's judgment here, I'm closing this issue.