Thanks for the suggestion about auth_diameter. Do you think there would be
interest in the community if we were to make this modification to ims_auth
or auth_diameter? Could it be integrated into trunk?
We do not want to publish our own fork of ims_auth or auth_diameter with
that small change and maintain the code repository if it can be avoided, so
it would be nice if we could put it in the trunk and forget about it. Plus it
is more open source oriented to publish to the main branch, I feel :)
JB
2015-10-03 23:53 GMT+02:00 JB <jbf.nospam(a)gmail.com>:
Hello all, we are working on a SIP solution using
Kamailio.
We want to secure our base of user credentials even in case of attack on
the SIP server, and for that reason we plan to use diameter authentication
as described in RFC
http://www.rfc-base.org/txt/rfc-4740.txt
Paragraph 6.2 describes a mode where the HSS answers with code
DIAMETER_MULTI_ROUND_AUTH, and then validates user credentials after a second round trip.
This does NOT correspond to what is done in the Kamailio module ims_auth, where credentials
(actually a hash of the credentials, but it's enough to authenticate)
are pushed to Kamailio, which does the computation of the expected answer (which
corresponds to par 6.3 of the RFC 4740).
Is there any Kamailio module that would allow us to use the method with
DIAMETER_MULTI_ROUND_AUTH?
Thank you
JB
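
The following is an added illustration, not part of the original messages and not Kamailio or ims_auth code: it models the two modes the post contrasts (hash pushed to the proxy versus verification on the credential server after a second round trip) and returns what secret material the SIP proxy ends up holding in each. `CredentialServer`, `proxy_pushed`, `proxy_multi_round` and `make_client` are hypothetical names, the Diameter exchange is reduced to method calls, and the digest is RFC 2617 MD5 without qop.

```python
import hashlib, hmac, secrets

def md5hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ha1, nonce, method, uri):
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    return md5hex(f"{ha1}:{nonce}:{md5hex(f'{method}:{uri}')}")

class CredentialServer:
    """Hypothetical stand-in for the HSS / Diameter server."""
    def __init__(self, realm):
        self.realm, self._ha1, self._nonce = realm, {}, {}
    def provision(self, user, password):
        self._ha1[user] = md5hex(f"{user}:{self.realm}:{password}")
    def new_nonce(self, user):
        self._nonce[user] = secrets.token_hex(16)
        return self._nonce[user]
    def push_ha1(self, user):
        # Pushed mode: the credential hash leaves the credential server.
        return self._ha1[user]
    def verify(self, user, method, uri, response):
        # Multi-round mode: comparison happens here; each nonce is single use.
        nonce = self._nonce.pop(user, None)
        if nonce is None:
            return False
        expected = digest_response(self._ha1[user], nonce, method, uri)
        return hmac.compare_digest(expected, response)

def make_client(user, realm, password, method, uri):
    ha1 = md5hex(f"{user}:{realm}:{password}")
    return lambda nonce: digest_response(ha1, nonce, method, uri)

def proxy_pushed(server, user, method, uri, client):
    """Proxy computes the expected answer itself; returns (ok, secrets held)."""
    nonce, ha1 = server.new_nonce(user), server.push_ha1(user)
    ok = hmac.compare_digest(digest_response(ha1, nonce, method, uri), client(nonce))
    return ok, {"ha1": ha1}

def proxy_multi_round(server, user, method, uri, client):
    """Proxy only relays nonce and response; returns (ok, secrets held)."""
    nonce = server.new_nonce(user)
    return server.verify(user, method, uri, client(nonce)), {}

if __name__ == "__main__":
    req = ("REGISTER", "sip:example.invalid")      # constructed sample data
    srv = CredentialServer("example.invalid")
    srv.provision("alice", "constructed-password")
    ua = make_client("alice", "example.invalid", "constructed-password", *req)
    print(proxy_pushed(srv, "alice", *req, ua))
    print(proxy_multi_round(srv, "alice", *req, ua))
```

Both modes accept the same client, but only the pushed mode leaves a value in the proxy's memory that can answer later challenges for that user and realm.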