Hi, Michal. > > - creation of a res_user_auth module, in order to make authentication > > functions available to other channels or applications > > hmm I like the idea cause it could be used in chan_iax2 and chan_mgcp and > whatever as well and would simplify central cross protocol auth handling. > > > - option activated at compile time (tested with chan_sip) > fine with me > Great, I'll start feeding my branch in opbx with this. Hopefully at the end of this week.
> > Currently, we just had chan_sip rely on PAM in order to authenticate > > through RADIUS. By using a new resource module, we could imagine to > > authenticate directly through RADIUS (ie skip the PAM module), or > > DIAMETER (if there's any API) in a generic way. > > > > The whole thing assumes that SIP endpoints are handled directly by > > opbx. As William Suffill suggested, an external SIP proxy like > > PartySip might do the job instead of opbx, which would not be involved > > in a SIP user authentication process then. > > that could still be possible via a default RADIUS user no ? > Indeed, we could trigger user authentication upon reception of an INVITE request (the provided patch only triggers it upon REGISTER request, but this can be added). If an external SIP proxy is attached, an unknown user from opbx point of view would match a DEFAULT statement in the RADIUS users file. Thank you for your comments Michal, Philippe Sultan INRIA _______________________________________________ Openpbx-dev mailing list [email protected] http://lists.openpbx.org/mailman/listinfo/openpbx-dev
