23 Apr
2014
23 Apr
'14
10:50 a.m.
On 23/04/14 08:06, Yoann Gini wrote:
Le 22 avr. 2014 à 11:03, Daniel-Constantin Mierla <miconda(a)gmail.com
<mailto:miconda@gmail.com>> a écrit :
Sure you can't be sure of anything but this one.
the constraint to have access to text password or
HA1 format (md5
over username, password, realm) comes from WWW Authentication
mechanism which is used by SIP.
Writing something different in kamailio would be possible (it is open
source), but you don't have phones able to do it and provide the
adequate details.
Are you sure? You’ve a Radius backend for example, Radius don’t
allow you to access
to clear text password, it isn’t?
Look at digest module for (free)radius, if there
is something like that
for ldap, then you may get it working with some patch. But it still
requires access to plain text password or HA1.
The only www authentication mechanism who must have access to clear
text password is the DIGEST auth. But if we consider using SIP over
TLS, we may be able to use BASIC authentication…
What do you think ? Does the authentication kind is negotiated during
the communication?
If you use tls and give a signed certificate to client, then you
can
simply authenticate it by trusting the certificate and checking the
owner fields to match sip headers.
If you control the client and develop it, you can add any authentication
mechanism. You will eventually have to add to kamailio appropriate
authentication support, but that's easy, it's open source.
However, SIP RFC enforces www digest authentication and it is what all
the phones I am aware of in the wild support now.
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda