[SR-Users] Using the auth_ephemeral module

Daniel-Constantin Mierla miconda at gmail.com
Tue Jan 17 15:41:42 CET 2017


Hello,


On 17/01/2017 14:38, Steve Davies wrote:
> Hi Daniel,
>
> On 17 January 2017 at 14:15, Daniel-Constantin Mierla
> <miconda at gmail.com> wrote:
>
>     I guess you can use other modules such as http_client to interact
>     with the web service. The jansson module can be used to parse the
>     result.
>
>     Also, it should be possible to do it without interacting with the
>     web service, because you can compute the password using the shared
>     secret key. So, in this case, Kamailio doesn't need to interact
>     with the web service.
>
>
> Thanks for that, and to Carsten who also sent explanation.
>
> It seems like all that documentation about the web service is indeed a
> red-herring since the module is neither a client nor a provider of
> such a service.  There is no obligation to implement such a service as
> documented - since in any event auth_ephemeral neither implements nor
> consumes this web service.
>
> All auth_ephemeral does is to authenticate clients using a secret
> (password) that is encrypted using a shared key.  auth_ephemeral I
> guess decrypts the secret which is structured so that auth_ephemeral
> can tell that it is legit and unexpired.
>
> Do I have this right?
>
> Gotta say that the docs really don't make this clear.
>
The password used for SIP authentication is not decrypted. It is about
how the password is generated, so that the same value results when done
by the web service and the SIP server. The JavaScript relies on the
web service to provide a short-term valid password. auth_ephemeral does
the same kind of processing as the web service and should get the same
password. Using this password it computes the Digest response and if
there is a match, then authentication is ok.

I guess you can still fetch the password through a web service in
kamailio.cfg (using http_client) and then use it with:

https://www.kamailio.org/docs/modules/stable/modules/auth_ephemeral.html#auth_eph.f.autheph_authenticate

If you can make the documentation more clear, contributions are welcome
-- the easiest would be a pull request on GitHub.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
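
Added example, not part of the original message and not Kamailio's code: a sketch of the flow described above, where the web service and the SIP server each derive the same short-lived password from the shared secret and the server then checks the Digest response. It assumes the TURN REST API style scheme (username "<expiry>:<user>", password = base64(HMAC-SHA1(secret, username))) and qop-less MD5 Digest; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac


def derive_password(secret: bytes, username: str) -> str:
    # Assumed scheme: base64(HMAC-SHA1(shared_secret, username)).
    mac = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def ephemeral_credentials(secret: bytes, user: str, ttl: int, now: int):
    """Web-service side: issue a username that carries its own expiry."""
    username = f"{now + ttl}:{user}"  # assumed layout: expiry first, then user
    return username, derive_password(secret, username)


def md5hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce) -> str:
    """RFC 2617 Digest response without qop, as the client computes it."""
    ha1 = md5hex(f"{username}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")


def server_check(secret, username, realm, method, uri, nonce, response, now):
    """SIP-server side: nothing is decrypted; the password is re-derived."""
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not carry a timestamp
    if expiry < now:
        return False  # credential has expired
    password = derive_password(secret, username)
    expected = digest_response(username, realm, password, method, uri, nonce)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, response)
```

Changing the timestamp in the username changes the HMAC input, so a client cannot extend its own credential without knowing the shared secret.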
