[OpenSER-Devel] conceptual problem: domain - realm

Daniel-Constantin Mierla miconda at gmail.com
Thu Jun 5 19:38:37 CEST 2008


Hello,

there is a conceptual problem with the subscriber table, the domain 
column and realm for authentication. Practically, the realm used for 
authentication can be meaningless and one subscriber can have several 
pairs of realm-password to authenticate for different services.

Furthermore, if the use_domain is 1, the realm is used to match the 
domain column to load the password in auth_db -- when the domain of 
username in authorization header is missing. This is obviously wrong.

Now, the purpose of this thread is to find the best solution to fix it. 
One is to add new column for realm in subscriber table. This will 
duplicate all the rest of columns (rpid, email_address) for each realm 
assigned to a user. Alternative will be to move out realm-password pairs 
to a new table - this will add more db operations.

Any comments, opinions, alternatives?

Cheers,
Daniel

-- 
http://www.asipto.com




More information about the Devel mailing list