[sr-dev] git:master: auth: README update
Olle E. Johansson
oej at edvina.net
Sun Dec 2 21:27:46 CET 2012
Module: sip-router
Branch: master
Commit: 9b67242978cb6aab702ccf4715e9152ac8f719c8
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9b67242978cb6aab702ccf4715e9152ac8f719c8
Author: Olle E. Johansson <oej at edvina.net>
Committer: Olle E. Johansson <oej at edvina.net>
Date: Sun Dec 2 21:26:54 2012 +0100
auth: README update
---
modules/auth/README | 35 ++++++++++++++++++-----------------
1 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/modules/auth/README b/modules/auth/README
index a429a53..5a76ca6 100644
--- a/modules/auth/README
+++ b/modules/auth/README
@@ -50,7 +50,7 @@ Daniel-Constantin Mierla
1.4.6. pv_www_authenticate(realm, passwd, flags [, method])
1.4.7. pv_proxy_authenticate(realm, passwd, flags)
1.4.8. pv_auth_check(realm, passwd, flags, checks)
- 1.4.9. auth_get_www_authenticate(realm, flags, pvdst)
+ 1.4.9. auth_get_www_authenticate(realm, flags, pvdest)
1.1. Overview
@@ -59,10 +59,10 @@ Daniel-Constantin Mierla
all other authentication related modules (so called authentication
backends).
- We decided to break the authentication code into several modules
+ We decided to divide the authentication code into several modules
because there are now more than one backends (currently database
authentication and radius are supported). This allows us to create
- separate packages so uses can install and load only required
+ separate packages so users can install and load only the required
functionality. This also allows us to avoid unnecessary dependencies in
the binary packages.
@@ -540,7 +540,7 @@ modparam("auth", "use_domain", 1)
1.4.1. consume_credentials()
- This function removes previously authorized credentials from the
+ This function removes previously authorized credential headers from the
message being processed by the server. That means that the downstream
message will not contain credentials there were used by this server.
This ensures that the proxy will not reveal information about
@@ -582,10 +582,11 @@ if (has_credentials("myrealm")) {
* realm - Realm is a opaque string that the user agent should present
to the user so he can decide what username and password to use.
Usually this is domain of the host the server is running on.
- It must not be empty string "". In case of REGISTER requests To
- header field domain (e.g., variable $td) can be used (because this
- header field represents the user being registered), for all other
- messages From header field domain can be used (e.g., variable $fd).
+ It must not be empty string "". In case of REGISTER requests, the
+ To header field domain (e.g., variable $td) can be used (because
+ this header field represents the user being registered), for all
+ other messages From header field domain can be used (e.g., variable
+ $fd).
The string may contain pseudo variables.
* flags - Value of this parameter can be a bitmask of following:
+ 1 - build challenge header with qop=auth
@@ -614,8 +615,8 @@ if (!www_authenticate("$td", "subscriber")) {
information regarding digest authentication see RFC2617. See module
parameter force_stateless_reply regarding sending of the reply.
- Meaning of the parameters the same as for function www_challenge(realm,
- flags)
+ Meaning of the parameters is the same as for function
+ www_challenge(realm, flags)
This function can be used from REQUEST_ROUTE.
@@ -631,14 +632,14 @@ if (!proxy_authenticate("$fd", "subscriber")) {
The function challenges a user agent for authentication. It combines
the functions www_challenge() and proxy_challenge(), by calling
internally the first one for REGISTER requests and the second one for
- the rest of the request types.
+ the rest of other request types.
Meaning of the parameters the same as for function www_challenge(realm,
flags)
This function can be used from REQUEST_ROUTE.
- Example 20. proxy_challenge usage
+ Example 20. auth_challenge usage
...
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "1");
@@ -675,7 +676,7 @@ if (!auth_check("$fd", "subscriber", "1")) {
messages From header field domain can be used (e.g., varibale $fd).
The string may contain pseudo variables.
* passwd - the password to be used for authentication. Can contain
- config variables. Username is taken from Auth header.
+ config variables. The Username is taken from Auth header.
* flags - the value of this parameter can be a bitmask of following:
+ 1 - the value of password parameter is HA1 format
+ 2 - build challenge header with no qop and add it to avp
@@ -686,7 +687,7 @@ if (!auth_check("$fd", "subscriber", "1")) {
is optional and if not set is the first "word" on the request-line.
When challenge header is built and stored in avp, append_to_reply() and
- sl reply functions can be used to send appropriate SIP reply to
+ the sl reply functions can be used to send appropriate SIP reply to
challenge for authentication.
This function can be used from REQUEST_ROUTE.
@@ -738,7 +739,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
This function can be used from REQUEST_ROUTE.
- Example 23. pv_proxy_authenticate usage
+ Example 23. pv_auth_check usage
...
$avp(password)="xyz";
if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
@@ -746,10 +747,10 @@ if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
};
...
-1.4.9. auth_get_www_authenticate(realm, flags, pvdst)
+1.4.9. auth_get_www_authenticate(realm, flags, pvdest)
Build WWW-Authentication header and set the resulting value in 'pvdest'
- parameter.
+ pseudo-variable parameter.
Meaning of the realm and flags parameters is the same as for
pv_www_authenticate(realm, passwd, flags)
More information about the sr-dev
mailing list