Hi everybody, I would like to have the opbx community's advice about this topic : http://bugs.openpbx.org/view.php?id=55
Basically, it is about SIP peers authentication using RADIUS (through a PAM module). The authentication scheme follows the directives taken from this draft (scenario 1) : http://ietfreport.isoc.org/ids/draft-ietf-radext-digest-auth-06.txt A patch that targets chan_sip has been sent, and some advices led me to the following proposition which I am submitting to you : - creation of a res_user_auth module, in order to make authentication functions available to other channels or applications - option activated at compile time (tested with chan_sip) Currently, we just had chan_sip rely on PAM in order to authenticate through RADIUS. By using a new resource module, we could imagine to authenticate directly through RADIUS (ie skip the PAM module), or DIAMETER (if there's any API) in a generic way. The whole thing assumes that SIP endpoints are handled directly by opbx. As William Suffill suggested, an external SIP proxy like PartySip might do the job instead of opbx, which would not be involved in a SIP user authentication process then. Thank you for your comments, I do not want to go too far into the coding stuff without your advices regarding the use and design of this feature. Kind regards, Philippe Sultan INRIA _______________________________________________ Openpbx-dev mailing list [email protected] http://lists.openpbx.org/mailman/listinfo/openpbx-dev
