[SR-Users] UAC and realm

Olle E. Johansson oej at edvina.net
Tue Nov 20 10:43:26 CET 2012 

20 nov 2012 kl. 10:25 skrev Johan Wilfer <lists at jttech.se>:

> Hi,
> 
> I've done some tests with the UAC module to authenticate to a remote proxy. I've based my config on this example: http://docs.huihoo.com/opensips/tutorials/uac/ar01s06.html (example 9)
> 
> I have found that if I send a call from a asterisk via kamailio to my remote proxy the realm the remote proxy uses is the ip-address of the asterisk-server (aaa.bbb.ccc.ddd). Like this:
> 
> WWW-Authenticate: Digest nonce="1353399363:8d2317487ee1521328d0e2237e444e2d",algorithm=MD5,realm="aaa.bbb.ccc.ddd",qop="auth",stale=false.
> 
> If I have a param like this, the auth works:
> modparam("uac","credential","username:aaa.bbb.ccc.ddd:password")
> 
> But as I would like to use more than one remote proxy (=more than one provider) per asterisk server this needs some more work.
Use the realm based authentication in Asterisk. Trying to insert authentication into a dialog will propably cause issues (as documented in the UAC module).

The other side seems to use the From: user domain as a realm. In Asterisk, you can set it with the fromdomain= variable.

/O
> 
> Is there a way to get UAC to ignore the realm from the remote proxy and send the auth anyway?
> 
> 
> Alternate paths I've examined:
> 1. Rewrite from-domain to get the provider to use another realm:
>     modparam("uac","credential","username:example.com:password")
>     uac_replace_from("sip:$fU at example.com");
> 
>     Works, but I don't think this is a very good solution.
> 
> 2. Use auth_username_avp / auth_password_avp / auth_realm_avp to
>   feed the uac_auth()-function the right credentials.
> 
>     modparam("uac","auth_username_avp","$avp(s:uac_user)")
>     modparam("uac","auth_password_avp","$avp(s:uac_pass)")
>     modparam("uac","auth_realm_avp","$avp(s:uac_realm)")
> 
>     in the failure route:
>     $avp(s:uac_user) = "username";
>     $avp(s:uac_pass) = "password";
>     $avp(s:uac_realm) = "aaa.bbb.ccc.ddd";
> 
>     This works as well, but I would like to either get the realm
>     the remote proxy sends and use it or make uac ignore the realm.
>     The realm is unimportant as we already know what proxy we are
>     talking to.
> 
>     I've tried $hdr(WWW-Authenticate) but it evaluates to null.
> 
> 
> Any ideas how to do this?
> 
> Thanks!
> 
> -- 
> Johan Wilfer
> 
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

More information about the sr-users mailing list