[SR-Users] LDAP and Kerberos backend for authentification / Or PAM / SASL ?

Yoann Gini yoann.gini at gmail.com
Wed Apr 23 23:06:49 CEST 2014


Le 23 avr. 2014 à 09:50, Daniel-Constantin Mierla <miconda at gmail.com> a écrit :

> However, SIP RFC enforces www digest authentication and it is what all the phones I am aware of in the wild support now.

Thanks for all this informations.

That explain me why all SIP product I see on the market have this really big issue of requiring a distinct PIN code for SIP account.

As a sys admin who maintain a unique identity for all enterprise services, it’s hard to accept to make an exception for SIP…

I don’t understand how it's possible to end up on a RFC like that…

The good point for me is, on OS X Server, I’ve a private API who can provide me DIGEST challenge, so something is possible. But for my FreeBSD based server, I’m stuck…



TLS authentication is harder to deploy in SMB. That mean a internal CA and a overhead to ensure that each client certificate are well secured.


The solution of BASIC authentication over TLS connection (with certificate only on the server) is widely used by HTTPS based software or event e-mail protocols to allow add-on services to be connected to existing directory services without requiring access to clear text password.


Cheers,
Yoann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140423/c866614d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4806 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140423/c866614d/attachment.bin>


More information about the sr-users mailing list