[SR-Users] authentication for client applications

Marius Zbihlei marius.zbihlei at 1and1.ro
Thu Sep 20 09:51:17 CEST 2012 

On 09/20/2012 01:12 AM, David Thomson wrote:
> Hi,
>
> I am working on a project where a custom sip client will be integrated 
> into a suite of applications to provide voip.  The sip client will be 
> working with Kamailio.  The goal is to ensure that the client is 
> authorized for communication with kamailio before allowing any calls 
> to be made.  Conventional username/password authentication for 
> individual users will also be used once the client has been authenticated.
>
Hello,

Why not rely on TLS with client-side authentication. Just deploy the 
client with a CA signed with a certificate known by  Kamailio, and then 
use the tls module with the following configuration to perform the 
client-certificate check:

1.9.8. |require_certificate| (boolean)

When enabled it will require a certificate from a client. If the client 
does not offer a certificate and |verify_certificate| is on, the 
certificate verification will fail.

The default value is off.

More information http://kamailio.org/docs/modules/devel/modules/tls.html

Cheers,
Marius


> Currently other applications in the suite use a digital signature in 
> the http headers when communicating with server processes.  If the 
> signature is validated by the server process then the applications 
> identity is validated and communication with the server process is 
> allowed.
>
> Is it possible to include a public key and digital signature in the 
> register events and have kamailio perform the transformation to 
> validate the client's identity?  If so which module provides such 
> functionality?  Has something like this been implemented in the past? 
>  Thanks for any input.
>
> ttyl,
> Dave


-- 
Zbihlei Marius

Head of
Linux Development Services Romania

1&1 Internet Development srl    Tel KA: 754-9152
Str Mircea Eliade 18            Tel RO: +40-31-223-9152
Sect 1, Bucuresti               mailto: marius.zbihlei at 1and1.ro
71295, Romania

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120920/e35afee9/attachment.htm>

More information about the sr-users mailing list