Hello,
actually nothing changed in the old functions. A new one was added to
the auth_db module, auth_check(), that combines the www/proxy_auth*
functions, and another one to the auth module, auth_challenge(), that
combines internally www/proxy_challenge(). For now, auth_check() can
additionally check the auth username against the To/From header username.
So, nothing has changed in the old functions, backward compatibility is
fully ensured, and I have no plan to touch them.

One of the purposes of the new function is to reduce the size of the default
config, by offering the behavior of the common use case. The user check is
done based on a parameter flag anyhow.

The next plan with this function is to bind it to the htable module (a matter
of a module parameter) to count failed authentications per user and give
the option to write a log message to alert and temporarily disable
authentication for users failing to authenticate several times in a row
-- in other words, a way to protect against dictionary attacks. This can
be achieved with config file scripting, but for newcomers it might not be
that obvious how to do it, and in the context of the many such scanning attacks
that have happened lately, I found it interesting to just make an out-of-the-box
function for it.
Cheers,
Daniel
On 11/15/11 3:15 AM, Juha Heinanen wrote:
> Alex Balashov writes:
>
> > The problem, as you well know, is that not having the check allows a
> > user A to impersonate the identity of any other user B, as long as
> > user A has his own valid credentials for himself.
>
> Yes, I well know it and therefore one needs to check if the user really
> owns the URI or not. To make an automatic invalid check is in my opinion
> a very bad idea, since according to RFC 3261 the URI userpart does not have
> anything to do with the user's authentication username.
>
> -- juha
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda
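What Daniel describes as "achievable with config file scripting" (counting failed authentications per user in htable and temporarily refusing that user after several failures in a row) can be written in the Kamailio config language as below. This is an added example, not code from the message above nor from the Kamailio distribution. It assumes auth_check(realm, table, flags) with flag 1 enabling the From/To username check and auth_challenge(realm, flags) with flag 1 adding qop=auth, as the new functions are described in the thread; it assumes auth_check() returns the same negative codes as www_authenticate() (-2 invalid password, -3 invalid user); and the table name "authfail", the 5-failure threshold and the 300 s lockout window are arbitrary choices for illustration.

```cfg
# Added example (not part of the original message or of Kamailio's default
# config): per-user failed-authentication counter with a temporary lockout.

loadmodule "sl.so"
loadmodule "xlog.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "htable.so"

# Hash table keyed by the auth username ($au); an entry is dropped 300 s
# after its last update, which is also how the lockout expires.
modparam("htable", "htable", "authfail=>size=8;autoexpire=300;")

route[AUTH] {
    # Lockout: refuse users that already failed 5 times in a row (assumed
    # threshold). $au is only set when the request carries credentials.
    if($au != $null && $sht(authfail=>$au) != $null
            && $sht(authfail=>$au) >= 5) {
        xlog("L_ALERT", "auth temporarily disabled for user $au (from $si)\n");
        sl_send_reply("403", "Forbidden");
        exit;
    }

    # auth_check(realm, table, flags): flag 1 = also check the auth username
    # against the From/To header username (the check discussed in the thread).
    if(!auth_check("$fd", "subscriber", "1")) {
        # Assumed return codes (as www_authenticate()): -2 invalid password,
        # -3 invalid user. Only these count as a failed attempt; a request
        # without credentials (-5) or with a stale nonce just gets challenged.
        if($rc == -2 || $rc == -3) {
            if($sht(authfail=>$au) == $null) {
                $sht(authfail=>$au) = 0;
            }
            $sht(authfail=>$au) = $sht(authfail=>$au) + 1;
            xlog("L_WARN", "failed auth no. $sht(authfail=>$au) for user $au from $si\n");
        }
        # auth_challenge(realm, flags): flag 1 = qop=auth
        auth_challenge("$fd", "1");
        exit;
    }

    # Successful authentication resets the per-user counter.
    $sht(authfail=>$au) = $null;
    consume_credentials();
}
```

The counter is keyed by the authentication username rather than the source IP, which is the point of Daniel's proposal: a scanner rotating addresses still accumulates failures against the account it is guessing. Keying only by $au, however, means an attacker who knows a valid username can lock that user out for the autoexpire window, so in practice one would alert and rate-limit rather than hard-block, or combine it with a per-source counter; and the counter is only incremented for wrong password/unknown user, not for the From/To mismatch, so that legitimate clients with a different display URI are not penalized as dictionary attacks.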