20 Sep
2012
20 Sep
'12
3:51 a.m.
On 09/20/2012 01:12 AM, David Thomson wrote:
Hi,
I am working on a project where a custom sip client will be integrated
into a suite of applications to provide voip. The sip client will be
working with Kamailio. The goal is to ensure that the client is
authorized for communication with kamailio before allowing any calls
to be made. Conventional username/password authentication for
individual users will also be used once the client has been authenticated.
Hello,
Why not rely on TLS with client-side authentication. Just deploy the
client with a CA signed with a certificate known by Kamailio, and then
use the tls module with the following configuration to perform the
client-certificate check:
1.9.8. |require_certificate| (boolean)
When enabled it will require a certificate from a client. If the client
does not offer a certificate and |verify_certificate| is on, the
certificate verification will fail.
The default value is off.
More information http://kamailio.org/docs/modules/devel/modules/tls.html
Cheers,
Marius
Currently other applications in the suite use a
digital signature in
the http headers when communicating with server processes. If the
signature is validated by the server process then the applications
identity is validated and communication with the server process is
allowed.
Is it possible to include a public key and digital signature in the
register events and have kamailio perform the transformation to
validate the client's identity? If so which module provides such
functionality? Has something like this been implemented in the past?
Thanks for any input.
ttyl,
Dave
--
Zbihlei Marius
Head of
Linux Development Services Romania
1&1 Internet Development srl Tel KA: 754-9152
Str Mircea Eliade 18 Tel RO: +40-31-223-9152
Sect 1, Bucuresti mailto: marius.zbihlei(a)1and1.ro
71295, Romania