[SR-Users] Distributed Authentication

SamyGo govoiper at gmail.com
Sat Jul 2 01:04:40 CEST 2016


Hi Collin,

I can only think that by doing this saving of nonce, and accessible by rest
of the boxes in cluster, isnt it going to put the authentication mechsnism
at risk ? Even if not, that means all the servers in your cluster supposed
to behave predictably same ! Hence again security concern !

Take a look at secret param for auth module:
http://www.kamailio.org/docs/modules/3.4.x/modules/auth.html

Regards,
Sammy
On Jul 1, 2016 18:10, "Colin Morelli" <colin.morelli at gmail.com> wrote:

> Hey all,
>
> I'm running a cluster of Kamailio instances as a proxy/registrar for
> another cluster of Freeswitch instances. I'm using http_async_client to
> make HTTP queries to my API to fetch credentials on auth challenges.
> Kamailio performs generating the header, and validating the result based on
> the data provided from my API.
>
> I'm fairly sure the answer is no, but I was wondering if Kamailio has any
> mechanism for getting access to the nonce/nc values in the challenges and
> responses so I can store them somewhere accessible to the whole cluster.
> Because my instances are transaction stateful, the request that is
> challenged and the subsequent request with the response may be routed to
> different instances and I want to validate the nonce correctly.
>
> I can move all of this into the API (the digest auth and verification),
> but my next question would be whether or not there are any APIs for getting
> access to this information in a structured format, or if I should just
> shove the whole digest auth header in the request to my API and
> parse/verify there.
>
> Thanks in advance.
>
> Best,
> Colin
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160701/869dd598/attachment.html>


More information about the sr-users mailing list