Hi,
the idea between ephemeral passwords is, that any webservice can create username/passwords without explicitly provisioning them on the other servers. The auth_ephemeral module does not provide the webserver, but only the compability to authenticate based on a shared secret.
You may e.g. use the following PHP function to create a username, which is valid for the next 3 hours (3*3600):
function getEphemeralUsername($username) { $timeout = time () + (3 * 3600); return $timeout . ':' . $username; }
With this "temporary username" and the shared secret, you can now create a temporary password:
function getEphemeralPassword($temporary_user, $shared_secret) { return base64_encode ( hash_hmac ( 'sha1', $temporary_user, $shared_secret, true ) ); }
$secret = "imsrulez"; $username = getEphemeralUsername('steve'); // Creates: '<-unix-timestamp:valid until->:steve' $password = getEphemeralPassword($username, $secet);
The documation refers to any website, which could provide the username/password (e.g. even a homepage without any API interaction).
On Kamailio, you can now verify the username/password, if you configure the same "shared password":
modparam("auth_ephemeral", "secret", "imsrulez")
Thanks, Carsten
2017-01-17 12:53 GMT+01:00 Steve Davies steve-lists-srusers@connection-telecom.com:
Hi Peter Dunkley or anyone else who can throw me some clue,
I'm interested in using the auth_ephemeral module to authenticate registrations with the help of an external web service.
But I'm reading and reading the documentation and I'm clearly missing something.
The document starts by describing how "the web service" should work. I understand fully that I must implement this web service.
But nowhere in the documentation with auth_ephemeral do you tell the module the URL where the service is found.
Whilst the Makefile includes libcurl when static linking is used, there are no calls to the curl library in the auth_ephemeral module, or to socket() or connect().
So I don't see that this module can act as a client to the documented web service?
What am I failing to understand?
Thanks, Steve
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users