[Devel] uac_auth - set credentials with avpops
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Jan 20 14:36:10 CET 2006
Have you tried other authentication mechanisms, e.g. TLS based?
regards
klaus
Thomas Gelf wrote:
> Hi all,
>
> I have been charged to develop a VoIP environment for an ISP in northern
> Italy and so I started working with SER (0.9.x, then switched to OpenSER
> last week) something like 3-4 months ago. After reading hundreds of mails
> on (open)ser mailinglists from the last years, forum posts, example configs
> and doing LOTS of testing now I believe to have done a not-so-bad job in
> setting up a really nice VoIP environment (currently running fine with
> something like 1000 test users).
>
> - OpenSER (1.0.0) is running fine, MySQL-based, driven by a self-written
> Webapp (based on Horde)
> - Voicemail, conferences etc are handled by Asterisk - running fine
> - we are able to handle most NAT/FW issues by using STUN and mediaproxy
>
> While currently offering nothing but ip2ip calls (we wanted to learn how
> things will behave by just putting hands on) we are now more or less ready
> to release a "stable" version of our product offering also calls to pstn.
>
> This is where trouble starts:
>
> As the main goal is not to earn lots of money but to offer rock-solid VoIP
> calls free of charge and cheap calls to pstn our budget is limited and we
> are not going to set up our own pstn hardware but we will rely on one of
> the largest Italian VoIP providers.
>
> Because of new strict anti-terrorism laws and upcoming security concerns
> regarding SIP I cannot just create a trust relationship between our SIP
> proxies but have to use my "uplink provider's" credentials to rewrite each
> SIP sessions packets with the appropriate credentials for every single
> user.
>
> After removing qop checks from uac/auth_hdr.c my uac_auth() is running
> fine, but it doesn't allow me to set credentials by avpops - I'm allowed
> to set
> only one user/pass couple by realm using modparam.
>
> And here my question: how could I resolve this issue? I have a very urgent
> need to assign one uplink providers user/pass pair to each of my users (and
> I'm sure others would really like to do so too - at least once the qop
> "barrier" will be removed).
>
> Sorry for writing such a long description (it's my first post to this
> list) thanks a lot for your attention :-)
>
> Best regards,
> Thomas Gelf
>
> PS: DB upgrade from SER to OpenSER is a mess - I used half a day to fix
> openser_mysql.sh. The main problem is that the SQL queries exported
> from "old" DB will not fit the new DB structure.
>
> After lots of little patches / workarounds I realized that this
> wouldn't help as I have also made lots of little extensions to SER's
> DB structure to fit my personal needs - so I finished manually
> changing SER's table structures.
>
> As this will be an issue for lots of people here a proposal on how
> such upgrades could happen "smoother":
>
> - every single change to db structure should require a single upgrade
> script
> - as there is already a nice "version" table we could use that
> information to allow the main upgrade script to choose which of the
> single upgrade steps should be executed (in the right order of
> course)