19 Jul
2008
19 Jul
'08
3:17 a.m.
On 7/19/08, Raúl Alexis Betancor Santana <rabs(a)dimension-virtual.com> wrote:
Hi Maya, I think your are doing it on the wrong order, better follow Jesus
and
Victor advice.
On our system we let the user send us PPI headers and if you find one, we
check if that PPI is allowed for that user and then translate it into a PAI
header for our GW's, that the "correct" way of doing this.
Hello Raúl,
thank you.
I read rfc3325 and I think I got it.
But the requirements here are to provide alias support even for entities
that doesn't support PPI/PAI (or RPID).
So we were looking for a way to do it using the dbaliases table, based on
the identity in the header From.
But for the cases where the client/gw does support PPI/PAI, let me see if I
got it correctly:
Currently, we perform authentication using module auth_db.
To use PPI we should move to auth_radius and use
if (!radius_proxy_authorize("$pd", "$pU")) { # Realm and URI user are
taken
proxy_challenge("$pd", "1"); # from P-Preferred-Identity
}; # header field
If all goes well, we can use append_hf to send the PPI as PAI or
append_rpid_hf (rpid was fetched into avp during authentication), depending
on gw capabilities. Is this correct?
regards,
takeshi