<br><div><span class="gmail_quote">On 7/19/08, <b class="gmail_sendername">Raśl Alexis Betancor Santana</b> <<a href="mailto:rabs@dimension-virtual.com">rabs@dimension-virtual.com</a>> wrote:</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>Hi Maya, I think your are doing it on the wrong order, better follow Jesus and<br> Victor advice.<br> <br> On our system we let the user send us PPI headers and if you find one, we<br> check if that PPI is allowed for that user and then translate it into a PAI<br>
header for our GW's, that the "correct" way of doing this.<br> <br></blockquote></div>Hello Raśl,<br>thank you.<br>I read rfc3325 and I think I got it.<br>But the requirements here are to provide alias support even for entities that doesn't support PPI/PAI (or RPID).<br>
So we were looking for a way to do it using the dbaliases table, based on the identity in the header From.<br><br>But for the cases where the client/gw does support PPI/PAI, let me see if I got it correctly:<br><br>Currently, we perform authentication using module auth_db.<br>
To use PPI we should move to auth_radius and use <br><pre class="PROGRAMLISTING">if (!radius_proxy_authorize("$pd", "$pU")) { # Realm and URI user are taken<br> proxy_challenge("$pd", "1"); # from P-Preferred-Identity<br>
}; # header field</pre>If all goes well, we can use append_hf to send the PPI as PAI or append_rpid_hf (rpid was fetched into avp during authentication), depending on gw capabilities. Is this correct? <br>
<br>regards,<br>takeshi