[OpenSER-Devel] conceptual problem: domain - realm
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jun 5 19:38:37 CEST 2008
Hello,
there is a conceptual problem with the subscriber table, the domain
column and realm for authentication. Practically, the realm used for
authentication can be meaningless and one subscriber can have several
pairs of realm-password to authenticate for different services.
Furthermore, if the use_domain is 1, the realm is used to match the
domain column to load the password in auth_db -- when the domain of
username in authorization header is missing. This is obviously wrong.
Now, the purpose of this thread is to find the best solution to fix it.
One is to add new column for realm in subscriber table. This will
duplicate all the rest of columns (rpid, email_address) for each realm
assigned to a user. Alternative will be to move out realm-password pairs
to a new table - this will add more db operations.
Any comments, opinions, alternatives?
Cheers,
Daniel
--
http://www.asipto.com
More information about the Devel
mailing list