[Serusers] Re: [Serdev] Auth* changes
Juha Heinanen
jh at tutpro.com
Fri Apr 22 18:34:43 CEST 2005
Greger V. Teigre writes:
> My personal opinion: Despite the latest commits, AVP loading from RADIUS is
> still in transition from being an add-on (avp_radius module) to being
> integrated in auth_radius and uri_radius. I would love to get rid of one
> auth (we have three today for each INVITE).
i too have floated the idea that authentication would return from radius
caller avps and does_uri_exist function callee avps. this way you would
not need to make any extra radius calls. because both caller and callee
may have the same attributes, i suggested to add "caller_" and "callee_"
prefix into avp names. using rpid as an example, callee can very well
have an rpid that will be used if callee decides to forward the call.
> This gives another question: Should Session-Type=Call-check always
> indicate that SIP-AVPs for callee should be returned, or is there
> other scenarios? (I don't really know, we haven't, but others may?)
my thinking has been that service type implicitly tells, which
attributes should be returned. if Service-Type is SIP-Session, radius
returns caller attributes and in case of Call-Check callee attributes.
you could still use the same database table for both.
regarding removing auth_radius, i need it for other things (such as sems
related stuff) and would thus like to keep it.
-- juha
More information about the sr-users
mailing list