Summary: ASTERISK-15539: [patch] Add support for configurable peer username in digest authentication
Reporter: Pietro Bertera (pbertera)
Labels:
Date Opened: 2010-01-28 07:31:17.000-0600
Date Closed: 2011-06-07 14:00:54
Priority: Major
Regression? No
Status: Closed/Complete
Components: Channels/chan_sip/NewFeature
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: (0) chan_sip-challengeuser.diff
Description:

This patch adds the ability to create different peers with the same digest credentials. I added a new peer parameter "challengeuser" that defines the username used during digest authentication. This way you can define multiple peers with the same digest credentials.

The peer definition in sip.conf:

    [pietro](sip-client-base)
    challengeuser=myauthuser
    secret=XXXXX
    qualify=yes
    nat=yes

This is the authenticated INVITE matching the peer pietro; the digest fields are generated using the challengeuser parameter.

    Via: SIP/2.0/UDP 172.20.101.110;rport;branch=z9hG4bKxzadkqei
    Max-Forwards: 70
    To: <sip:01234567@domain.it>
    From: "Pietro" <sip:pietro@domain.it>;tag=vtrqd
    Call-ID: uxgmnxznrqtgjqb@bertuccia
    CSeq: 184 INVITE
    Contact: <sip:pietro@172.20.101.110>
    Content-Type: application/sdp
    Authorization: Digest username="myauthuser",realm="domain.it",nonce="1bc80fe1",uri="sip:03384007825@xsec.it",response="f5687eb90387b69013a217e2a15821ef",algorithm=MD5
    Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,PRACK,REFER,NOTIFY,SUBSCRIBE,INFO,MESSAGE
    Supported: replaces,norefersub,100rel
    User-Agent: Twinkle/1.4.2
    Content-Length: 312
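The digest check this description implies, as an added example that is not part of the original report or the attached patch: the peer is looked up by the From user while the digest is computed with that peer's challengeuser, using the RFC 2617 response without qop as in the INVITE above. The function names, the peers `paolo` and `anna`, the secrets, the lookup by From user and the fallback to the peer name are assumptions made for illustration.

```python
import hashlib
import hmac

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(username, realm, secret, method, uri, nonce):
    """RFC 2617 response without qop, the form used in the INVITE above."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

# Constructed peer table: two peers share one credential through
# challengeuser, one peer does not set it. All values are sample data.
PEERS = {
    "pietro": {"challengeuser": "myauthuser", "secret": "s3cret-sample"},
    "paolo": {"challengeuser": "myauthuser", "secret": "s3cret-sample"},
    "anna": {"secret": "other-sample"},
}

def authenticate(from_user, method, auth, realm="domain.it"):
    """Return the matched peer name, or None if the digest check fails.

    Assumption: the peer is selected by the From user, and the digest
    username falls back to the peer name when challengeuser is unset.
    Nonce issuance and expiry tracking are left out of this sketch.
    """
    peer = PEERS.get(from_user)
    if peer is None or auth.get("realm") != realm:
        return None
    expected_user = peer.get("challengeuser", from_user)
    if auth.get("username") != expected_user:
        return None
    expected = digest_response(expected_user, realm, peer["secret"],
                               method, auth.get("uri", ""), auth.get("nonce", ""))
    # Constant-time comparison of the two hex digests.
    ok = hmac.compare_digest(expected, auth.get("response", ""))
    return from_user if ok else None

def sample_auth(username, secret, nonce="1bc80fe1", uri="sip:01234567@domain.it"):
    """Build the Authorization fields a client would send (constructed)."""
    return {"username": username, "realm": "domain.it", "nonce": nonce,
            "uri": uri,
            "response": digest_response(username, "domain.it", secret,
                                        "INVITE", uri, nonce)}
```

The same Authorization fields validate for both `pietro` and `paolo`, so the digest proves possession of the shared secret but not which peer is calling. Any per-peer authorization then rests on the From header or on other controls such as source address restrictions.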
Comments:

By: Leif Madsen (lmadsen) 2010-01-28 10:23:48.000-0600
I'm going to confirm this issue for now and request that you bring this up on the mailing list in order to gauge the interest for this feature from the community. It is possible there may be some developers who would prefer this feature be implemented differently, or perhaps there is some reason this feature shouldn't exist -- or perhaps you'll get the blessing from everyone as this being a useful feature :) I think this would be appropriate to bring up on the asterisk-dev mailing list for discussion. Thanks!

By: Olle Johansson (oej) 2010-01-29 02:29:01.000-0600
Can you explain a use case for me, please?

By: Leif Madsen (lmadsen) 2010-01-29 12:28:20.000-0600
Switched to feedback while waiting on the reporter.

By: Pietro Bertera (pbertera) 2010-01-29 16:42:06.000-0600
I need this feature to authenticate incoming calls from a Cisco CUCM cluster. CUCM permits defining only one global credential for all hosts in the cluster.

By: Olle Johansson (oej) 2010-01-30 02:31:41.000-0600
Also check discussions on the asterisk-dev mailing list.

By: Leif Madsen (lmadsen) 2010-03-23 10:40:34
What is the status on this issue? Keep, throw away, more discussion needed?

By: John Todd (jtodd) 2010-04-27 13:36:15
Olle, is there any progress or status on how to move forward with this or abandon the patch?

By: Pietro Bertera (pbertera) 2010-05-06 10:52:29
Jtodd, I do not know what to say. My latest requests on the mailing list are unanswered:
http://lists.digium.com/pipermail/asterisk-dev/2010-January/041857.html
http://lists.digium.com/pipermail/asterisk-dev/2010-February/042053.html
http://lists.digium.com/pipermail/asterisk-dev/2010-March/043173.html

By: Olle Johansson (oej) 2010-05-06 10:56:51
We already have this with realm based auth. I am not convinced that this is a better way, so at this moment I think we should abandon it.

By: Leif Madsen (lmadsen) 2010-05-10 11:14:09
Since I'm deferring to Olle's judgment here, I'm closing this issue.