[kamailio/kamailio] Add Username support for authentication in redis and sentinel w.r.t NDB REDIS (Issue #3552)
<!-- Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for feature requests.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio....
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.or...
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If you submit a feature request (or enhancement) add the description of what you would like to be added.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment). -->
### Description The current issue revolves around the absence of username support within the NDB REDIS KAMALIO framework when dealing with Redis, particularly concerning the Redis and Sentinel components. While Redis inherently offers the capability to utilize both usernames and passwords during authentication, this capability is not currently extended to the NDB REDIS KAMALIO setup.
As a result, when attempting to establish connections to Redis instances through NDB REDIS KAMALIO, there is no provision for providing a username as part of the authentication process. Instead, the framework only accommodates the usage of passwords for authentication. This stands in contrast to Redis, which permits the inclusion of both usernames and passwords for enhanced security measures.
Consequently, the limitation within NDB REDIS KAMALIO can hinder organizations seeking to ensure comprehensive security practices, especially when the requirement is to employ both usernames and passwords for authentication. This divergence between the authentication capabilities of Redis and NDB REDIS KAMALIO can potentially compromise security standards and hinder compatibility with certain authentication setups.
To address this issue, it would be essential for the development team behind NDB REDIS KAMALIO to enhance the framework's capabilities by incorporating support for username-based authentication in addition to passwords. This alignment with Redis's authentication model would ensure that organizations can confidently implement secure data interactions while maintaining consistency with established security policies <!-- Explain what you did, what you expected to happen, and what actually happened. -->
### Expected behavior The expected behavior entails an improvement within the NDB REDIS KAMALIO framework to support both usernames and passwords for authentication when interacting with Redis instances, particularly in the Redis and Sentinel components. This enhancement would bring NDB REDIS KAMALIO in line with Redis's native authentication capabilities, where both usernames and passwords are accepted during the authentication process.
Upon implementing this improvement, users of NDB REDIS KAMALIO should be able to configure their connections by providing both a username and a password as part of the authentication details. This allows NDB REDIS KAMALIO to establish connections to Redis instances that require both authentication credentials, thereby enhancing security and ensuring compatibility with various authentication setups.
By incorporating support for usernames in addition to passwords, NDB REDIS KAMALIO can accommodate organizations that require comprehensive security measures, especially in scenarios where username-based authentication is mandated. This alignment with Redis's authentication model would enable organizations to effectively collect, manage, and interact with data while adhering to established security policies.
In summary, the expected behavior is that NDB REDIS KAMALIO should be upgraded to offer support for usernames and passwords during authentication, mirroring Redis's capabilities. This enhancement ensures a consistent and secure approach to data interactions and supports various authentication requirements within Redis environments #### Actual observed behavior The current actual behavior is that NDB REDIS KAMALIO does not have the capability to accept usernames as part of the authentication process when connecting to Redis instances, specifically in both the Redis and Sentinel components. While Redis itself allows for the usage of both usernames and passwords for authentication, this feature is not currently integrated into the NDB REDIS KAMALIO framework.
As a result, when configuring connections to Redis instances using NDB REDIS KAMALIO, there is no provision to include a username alongside the authentication details. The framework only accommodates the use of passwords for authentication purposes. This deviation from Redis's authentication model could lead to compatibility issues with certain authentication setups, particularly those that mandate the use of both usernames and passwords.
In essence, the actual behavior is that NDB REDIS KAMALIO falls short of aligning with Redis's authentication capabilities, thereby potentially hindering secure data interactions and limiting compatibility with certain security policies. Users attempting to adhere to comprehensive authentication practices may face challenges when utilizing NDB REDIS KAMALIO due to its inability to support usernames during authentication.
To address this actual behavior, it would be necessary to enhance NDB REDIS KAMALIO's capabilities to include support for both usernames and passwords during the authentication process. This enhancement would ensure that organizations can confidently utilize NDB REDIS KAMALIO while maintaining the security standards and authentication requirements necessary for their Redis environments. #### Debugging Data
``` (paste your debugging data here) ```
#### Log Messages
<!-- Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site). -->
``` (paste your log messages here) ```
#### SIP Traffic
<!-- If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site). -->
``` (paste your sip traffic here) ```
### Possible Solutions
<!-- If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a improvement. -->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
``` (paste your output here) ```
* **Operating System**:
<!-- Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...; Kernel details (output of `uname -a`) -->
``` (paste your output here) ```
Thank you for a very detailed report. However, this is a feature request. Do you have any resources to put towards development of this feature? This is best discussed on the mailing list until we have a code contribution.
Hello , we regret to inform you that due to our team current commitments , we are unable to allocate the nessary resources for this perticular enhancement. thanks
Thank you for the feedback. We've marked this as a feature request and will keep it open for a short while if any developer wants to jump on it. If not, we'll close it within a short while and reopen once there is some development effort.
We do like getting suggestions, but preferably we'll discuss them on the mailing lists.
This issue is stale because it has been open 6 weeks with no activity. Remove stale label or comment or this will be closed in 2 weeks.
Closed #3552 as not planned.
-
github-actions[bot] -
hemanth-vulavala
-
Olle E. Johansson