[SR-Users] Using the auth_ephemeral module

Carsten Bock carsten at ng-voice.com
Tue Jan 17 14:08:48 CET 2017 

Hi,

the idea between ephemeral passwords is, that any webservice can
create username/passwords without explicitly provisioning them on the
other servers.
The auth_ephemeral module does not provide the webserver, but only the
compability to authenticate based on a shared secret.

You may e.g. use the following PHP function to create a username,
which is valid for the next 3 hours (3*3600):

function getEphemeralUsername($username) {
   $timeout = time () + (3 * 3600);
   return $timeout . ':' . $username;
}

With this "temporary username" and the shared secret, you can now
create a temporary password:

function getEphemeralPassword($temporary_user, $shared_secret) {
     return base64_encode ( hash_hmac ( 'sha1', $temporary_user,
$shared_secret, true ) );
}

$secret = "imsrulez";
$username = getEphemeralUsername('steve');
// Creates: '<-unix-timestamp:valid until->:steve'
$password = getEphemeralPassword($username, $secet);

The documation refers to any website, which could provide the
username/password (e.g. even a homepage without any API interaction).

On Kamailio, you can now verify the username/password, if you
configure the same "shared password":

modparam("auth_ephemeral", "secret", "imsrulez")

Thanks,
Carsten


2017-01-17 12:53 GMT+01:00 Steve Davies
<steve-lists-srusers at connection-telecom.com>:
> Hi Peter Dunkley or anyone else who can throw me some clue,
>
> I'm interested in using the auth_ephemeral module to authenticate
> registrations with the help of an external web service.
>
> But I'm reading and reading the documentation and I'm clearly missing
> something.
>
> The document starts by describing how "the web service" should work.  I
> understand fully that I must implement this web service.
>
> But nowhere in the documentation with auth_ephemeral do you tell the module
> the URL where the service is found.
>
> Whilst the Makefile includes libcurl when static linking is used, there are
> no calls to the curl library in the auth_ephemeral module, or to socket() or
> connect().
>
> So I don't see that this module can act as a client to the documented web
> service?
>
> What am I failing to understand?
>
> Thanks,
> Steve
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>



-- 
Carsten Bock
CEO (Geschäftsführer)

ng-voice GmbH
Millerntorplatz 1
20359 Hamburg / Germany

http://www.ng-voice.com
mailto:carsten at ng-voice.com

Office +49 40 5247593-40
Fax +49 40 5247593-99

Sitz der Gesellschaft: Hamburg
Registergericht: Amtsgericht Hamburg, HRB 120189
Geschäftsführer: Carsten Bock
Ust-ID: DE279344284

Hier finden Sie unsere handelsrechtlichen Pflichtangaben:
http://www.ng-voice.com/imprint/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Ephemeral Passwords.pdf
Type: application/pdf
Size: 181330 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170117/2e806c38/attachment.pdf>

More information about the sr-users mailing list