On 7/19/08, Raúl Alexis Betancor Santana <[EMAIL PROTECTED]> wrote:
>
> Hi Maya, I think your are doing it on the wrong order, better follow Jesus
> and
> Victor advice.
>
> On our system we let the user send us PPI headers and if you find one, we
> check if that PPI is allowed for that user and then translate it into a PAI
> header for our GW's, that the "correct" way of doing this.
>
> Hello Raúl,
thank you.
I read rfc3325 and I think I got it.
But the requirements here are to provide alias support even for entities
that doesn't support PPI/PAI (or RPID).
So we were looking for a way to do it using the dbaliases table, based on
the identity in the header From.
But for the cases where the client/gw does support PPI/PAI, let me see if I
got it correctly:
Currently, we perform authentication using module auth_db.
To use PPI we should move to auth_radius and use
if (!radius_proxy_authorize("$pd", "$pU")) { # Realm and URI user are taken
proxy_challenge("$pd", "1"); # from P-Preferred-Identity
}; # header field
If all goes well, we can use append_hf to send the PPI as PAI or
append_rpid_hf (rpid was fetched into avp during authentication), depending
on gw capabilities. Is this correct?
regards,
takeshi
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
