[SR-Users] auth apis & radius (was: auth_radius - Segmentation fault)

[cc'ed sr-dev] On Jun 13, 2010 at 11:10, Juha Heinanen <jh(a)tutpro.com> wrote: It looks like he uses modules/auth_radius (which seems to be the k version) and modules_s/auth. Unfortunately the ser auth api is incompatible with the k one. OTOH IMHO the ser auth module is superior to the k one, e.g.: ser auth: + nonce-count/qop=auth* support: http://sip-router.org/docbook/sip-router/branch/master/modules_s/auth/auth.… + lockless in nonce-count or one time nonce mode + extra protection even in non qop=auth mode and non-one-time-nonce mode (the one time nonce mode has potential issues with retransmissions): http://sip-router.org/docbook/sip-router/branch/master/modules_s/auth/auth.… + speed optimized (less syscalls, concurrent access) + base64 nonces (shorter) k auth (at first sight) seems to support only on-time-nonces and their implementation uses locks (and seems to be more "limited"). We need either to quickly merge the auth apis or revive modules_s/auth_radius (and probably the other modules_s/*radius). Unfortunately merging the auth api doesn't look like a quick job: ser auth api: + build_challenge() + qop + calc_response() k auth api: + rpid_avp + rpid_avp_type + check_response() so reviving the modules_s/*radius looks like the quick fix (at least for 3.0). So anybody against reviving them in 3.0? (or does anybody remember any problem with the s versions?) Andrei