Most of the desktops are KDE and they use the KDE change password facility. It works via pam I believe. Is there an Asterisk interface with pam that would cause it to simultaneously change the Asterisk SIP realm password? If there is, I wonder how we pass it the requisite information? Thanks - John
On Tue, 2009-06-02 at 21:04 +0100, Gavin Henry wrote: > Where do they currently change their password? If it's somewhere you > control, why not add some to create the realmed password? > > Gavin. > > On 02/06/2009, John A. Sullivan III <[email protected]> wrote: > > Hello, all. I'm afraid I've been dropped into the deep end even though > > I am an Asterisk novice. I've set up a few tiny, tiny systems in the > > past and have now been asked to pull together Asterisk, FreePBX, > > Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. > > > > After googling and reading for most of the last 24 hours, I finally have > > my head around the components and how they work but am a little stumped > > by password synchronization using existing LDAP accounts. Maintaining > > separate accounts with a shared database between Kamailio and Asterisk > > seems quite reasonable. Integrating with the existing LDAP database > > seems like much more of a challenge. > > > > I did find > > http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html > > and > > http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ > > very helpful. > > > > For security reasons, we keep internal UIDs different from public email > > IDs. Thus, we might use john.doe internally and [email protected] for > > email. Since it is a multi-tenant environment, I'd imagine we will use > > the Kamailio domain module, make the SIP domain match the email domain, > > and use the email user portion of the email address as the SIP ID. I > > think this is straightforward using LDAP and Kamailio as we would query > > LDAP for the email address and have return the password. > > > > Asterisk seems a little trickier. I've looked at the schema extensions > > and it looks like we add an auxiliary objectclass of AstSIPUser. I > > suppose we would add this objectclass to a structure inetOrgPerson > > object. We could then use the email name for the AstAccountName (or > > whatever the actual attribute is) but the password befuddles me. > > > > I notice we add an AstAccountRealmedPassword attribute. I suppose this > > is because of the need to furnish SIP a hash derived from > > username:realm:password. We would prefer our users only need to change > > their passwords in one place. Is there anyway beside deploying > > something like IPA to have Asterisk use the regular posix password > > stored in LDAP rather than a separate AstAccountRealmedPassword? > > > > I'm looking forward to diving in; I just wish it was with a little less > > time pressure! Thanks - John > > -- > > John A. Sullivan III > > Open Source Development Corporation > > +1 207-985-7880 > > [email protected] > > > > http://www.spiritualoutreach.com > > Making Christianity intelligible to secular society > > > > > > _______________________________________________ > > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > > > asterisk-users mailing list > > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 [email protected] http://www.spiritualoutreach.com Making Christianity intelligible to secular society _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
