[sr-dev] [SR-Users] auth apis & radius (was: auth_radius - Segmentation fault)
Andrei Pelinescu-Onciul
andrei at iptel.org
Mon Jun 14 15:15:20 CEST 2010
On Jun 14, 2010 at 14:56, Henning Westerholt <henning.westerholt at 1und1.de> wrote:
> On Monday 14 June 2010, Andrei Pelinescu-Onciul wrote:
> > It looks like he uses modules/auth_radius (which seems to be the k
> > version) and modules_s/auth. Unfortunately the ser auth api is
> > incompatible with the k one.
> > OTOH IMHO the ser auth module is superior to the k one, e.g.:
> > ser auth:
> > + nonce-count/qop=auth* support:
> > + extra protection even in non qop=auth mode and non-one-time-nonce mode
> > (the one time nonce mode has potential issues with retransmissions):
> > + base64 nonces (shorter)
> >
> > k auth (at first sight) seems to support only on-time-nonces and their
> > implementation uses locks (and seems to be more "limited").
>
> Indeed the ser auth module is superiour in this areas to the kamailio one. I
> can't judge about the auth_radius side, as i did not used it so far.
I have no idea about the radius part either (Juha knows better). The
problem is that right now if one wants to use auth from module_s and
radius, he/she can't and the quickest way to fix it is to temporarily
revive the modules_s/*radius stuff (which will have the unpleasant
side-effect of some path changes: modules/auth_radius =>
modules_k/auth_radius and modules/misc_radius => modules_k/misc_radius).
Andrei
More information about the sr-dev
mailing list