Summary: ASTERISK-15539: [patch] Add support for configurable peer username in digest authentication
Reporter: Pietro Bertera (pbertera)
Labels:
Date Opened: 2010-01-28 07:31:17.000-0600
Date Closed: 2011-06-07 14:00:54
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Channels/chan_sip/NewFeature
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) chan_sip-challengeuser.diff
Description: This patch adds the ability to create different peers with the same digest credentials.
I added a new peer parameter "challengeuser" that defines the username used during digest authentication.
This way you can define multiple peers with the same digest credentials.

The peer definition in sip.conf:

[pietro](sip-client-base)
challengeuser=myauthuser
secret=XXXXX
qualify=yes
nat=yes

This is the authenticated INVITE matching the peer pietro: the digest fields are generated using the challengeuser parameter.

Via: SIP/2.0/UDP 172.20.101.110;rport;branch=z9hG4bKxzadkqei
Max-Forwards: 70
To: <sip:01234567@domain.it>
From: "Pietro" <sip:pietro@domain.it>;tag=vtrqd
Call-ID: uxgmnxznrqtgjqb@bertuccia
CSeq: 184 INVITE
Contact: <sip:pietro@172.20.101.110>
Content-Type: application/sdp
Authorization: Digest username="myauthuser",realm="domain.it",nonce="1bc80fe1",uri="sip:03384007825@xsec.it",response="f5687eb90387b69013a217e2a15821ef",algorithm=MD5
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,PRACK,REFER,NOTIFY,SUBSCRIBE,INFO,MESSAGE
Supported: replaces,norefersub,100rel
User-Agent: Twinkle/1.4.2
Content-Length: 312
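
Added example (not part of the original report or of the attached patch): a sketch of server-side digest verification, RFC 2617 without qop as in the INVITE above, where the expected username comes from a peer's challengeuser setting instead of the peer name. The peer table, the secret values, the second peer "pietro2" and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

REALM = "domain.it"
# Constructed peer table modelled on the sip.conf stanza above. The secrets are
# made up (the page elides the real one) and "pietro2" is a hypothetical second
# peer that shares pietro's digest credentials.
PEERS = {
    "pietro": {"challengeuser": "myauthuser", "secret": "example-secret"},
    "pietro2": {"challengeuser": "myauthuser", "secret": "example-secret"},
    "alice": {"secret": "other-secret"},  # no challengeuser: peer name is used
}

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, secret, method, uri, nonce):
    """RFC 2617 response without qop, matching the header shown above."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_digest(header):
    """Split 'Digest k="v",k=v,...' into a dict of unquoted values."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest authorization header")
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {key: value.strip('"') for key, value in pairs}

def authenticate(peer_name, method, auth_header, issued_nonce):
    """True if the header proves knowledge of the named peer's secret."""
    peer = PEERS.get(peer_name)
    if peer is None:
        return False
    f = parse_digest(auth_header)
    if any(k not in f for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    # The expected username is challengeuser when set, else the peer name.
    user = peer.get("challengeuser", peer_name)
    if (f["username"], f["realm"], f["nonce"]) != (user, REALM, issued_nonce):
        return False
    good = digest_response(user, REALM, peer["secret"], method, f["uri"], f["nonce"])
    # Constant-time comparison of the hex digests.
    return hmac.compare_digest(good.encode(), f["response"].lower().encode())
```

The digest response covers only username, realm, secret, nonce, method and URI, so one Authorization header verifies for every peer that shares a challengeuser and secret. The digest check alone therefore does not tell such peers apart.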
Comments:

By: Leif Madsen (lmadsen) 2010-01-28 10:23:48.000-0600

I'm going to confirm this issue for now and request that you bring this up on the mailing list in order to gauge the interest for this feature from the community. It is possible there may be some developers who would prefer this feature be implemented differently, or perhaps there is some reason this feature shouldn't exist -- or perhaps you'll get the blessing from everyone as this being a useful feature :)

I think this would be appropriate to bring up on the asterisk-dev mailing list for discussion. Thanks!

By: Olle Johansson (oej) 2010-01-29 02:29:01.000-0600

Can you explain a use case for me, please?

By: Leif Madsen (lmadsen) 2010-01-29 12:28:20.000-0600

Switched to feedback while waiting on the reporter.

By: Pietro Bertera (pbertera) 2010-01-29 16:42:06.000-0600

I need this feature to authenticate incoming calls from a Cisco CUCM cluster.
CUCM permits defining only one global credential for all hosts in the cluster.

By: Olle Johansson (oej) 2010-01-30 02:31:41.000-0600

Also check discussions on the asterisk-dev mailing list.

By: Leif Madsen (lmadsen) 2010-03-23 10:40:34

What is the status on this issue? Keep, throw away, more discussion needed?

By: John Todd (jtodd) 2010-04-27 13:36:15

Olle, is there any progress or status on how to move forward with this or abandon the patch?

By: Pietro Bertera (pbertera) 2010-05-06 10:52:29

Jtodd, I do not know what to say. My latest requests on the mailing list are unanswered:

http://lists.digium.com/pipermail/asterisk-dev/2010-January/041857.html
http://lists.digium.com/pipermail/asterisk-dev/2010-February/042053.html
http://lists.digium.com/pipermail/asterisk-dev/2010-March/043173.html

By: Olle Johansson (oej) 2010-05-06 10:56:51

We already have this with realm based auth. I am not convinced that this is a better way, so at this moment I think we should abandon it.

By: Leif Madsen (lmadsen) 2010-05-10 11:14:09

Since I'm deferring to Olle's judgment here, I'm closing this issue.