On Tue, Apr 28, 2020 at 06:20:44PM +0300, Pierre-Philipp Braun wrote: > How is authentication handled on Asterisk's side? And if that's WebRTC, > could a reverse proxy take care of it in the middle?
Not sure, does it mean modifying with asterisk's webrtc server? > A original way to approach the problem would be to go for something even > better -- I think -- than SSO, namely plain and simple PKI. You setup a > private CA, sign a few client certificates, deliver those to your users' > workstations, and they won't have to bother with passwords anymore, > while being authenticated by that client certificate. Yes, quite convenient, not sure if bozohttpd supports. Also, I am doing this for largely non-tech users, though. Have to see whether it will be easy enough to administer installation of certificates at their end. > Bozohttpd seems to support SSL but probably only for the server side. I > hope you did enable SSL by the way, since Basic HTTP auth sends the > password in clear, no matter what hash function you're using to store > the passwords. Digest would be preferred, if supported. Yes, taken care of using SSL when using basic auth. > Besides, I've had good experiences with Jitsi Meet which is essentially > providing video conferencing facilities, I don't know however how hard > it would be to package it for NetBSD. Yes, my server runs NetBSD, so it may have to start with a wip project... But I am curious about the following line in the documentation. Asterisk works pretty well with NAT with the client using STUN. Is that not the case with Jitsi? https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md "Jitsi Videobridge can run behind a NAT, provided that both required ports are routed (forwarded) to the machine that it runs on. By default these ports are TCP/4443 and UDP/10000" Besides, dialplan etc in asterisk are quite flexible. Not sure whether jitsi has. Mayuresh
