[SR-Users] LDAP and Kerberos backend for authentification / Or PAM / SASL ?

Daniel-Constantin Mierla miconda at gmail.com
Tue Apr 22 11:03:20 CEST 2014


the constraint to have access to text password or HA1 format (md5 over 
username, password, realm) comes from WWW Authentication mechanism which 
is used by SIP.

Writing something different in kamailio would be possible (it is open 
source), but you don't have phones able to do it and provide the 
adequate details.

The only alternative now is using tls/ssl client certificates that 
attest who is the user/phone.


On 21/04/14 13:56, Yoann Gini wrote:
> Hello,
> My users are managed on a common LDAP / Kerberos setup. I don’t have 
> access in any ways to the user password in clear text mode.
> I’ve start to follow this tutorial 
> http://www.kamailio.org/wiki/tutorials/mini-howto-admin/ldap-user-auth and 
> check this documenation 
> http://kamailio.org/docs/modules/4.1.x/modules/ldap.html
> But it seems LDAP module provided in Kamailio don’t handle this 
> scenario, it except to have user password in clear text mode in the 
> LDAP database (wrong in so many ways…).
> Do we have a way with existing Kamailio plugin to use a authentication 
> backend who don’t provide access to clear text password?
> I provide different authentication « adapter » who can help any 
> service not compatible with Kerberos to handle authentication:
> - ldap bind
> - sasl
> - pam
> Do we’ve a way to use one of this backend as an authentication service 
> (and not just a users database).
> Best regards,
> Yoann
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140422/279615a3/attachment.html>

More information about the sr-users mailing list