[SR-Users] diameter auth with round trip

Daniel-Constantin Mierla miconda at gmail.com
Tue Oct 6 08:07:10 CEST 2015


maybe woth looking at auth_diameter, which is sort of unmaintained,
because of the lack of interest during the past years, but iirc, the
authentication was done inside diameter server, which was returned
ok/not-ok. I expect the module to need some coding, but could be not
that big changes to bring it up to date.


On 03/10/15 23:53, JB wrote:
> Hello all, we are working on a SIP solution using Kamailio.
> We want to secure our base of  user credentials even in case of attack
> on the SIP server, and for that reason we plan to use diameter
> authentication as described in RFC
> http://www.rfc-base.org/txt/rfc-4740.txt
> Paragraph 6.2 describes a mode where the HSS answer with code
> DIAMETER_MULTI_ROUND_AUTH ,and then validate user credential after a second round trip.
> This does NOT corresponds to what is done on Kamailio module ims_auth,
> where credentials (actually a hash of the credentials, but its enough
> to authenticate )
> ) are pushed to kamailio, which does the computation of the expected
> answer (which corresponds to par 6.3 of the RFC 4740)
> Is there any kamailio module that would allow to use the method with DIAMETER_MULTI_ROUND_AUTH ?
> Thank you
> JB
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151006/4d507646/attachment.html>

More information about the sr-users mailing list