Hello,

maybe woth looking at auth_diameter, which is sort of unmaintained, because of the lack of interest during the past years, but iirc, the authentication was done inside diameter server, which was returned ok/not-ok. I expect the module to need some coding, but could be not that big changes to bring it up to date.

Cheers,
Daniel

On 03/10/15 23:53, JB wrote:

Hello all, we are working on a SIP solution using Kamailio.

We want to secure our base of user credentials even in case of attack on the SIP server, and for that reason we plan to use diameter authentication as described in RFC http://www.rfc-base.org/txt/rfc-4740.txt

Paragraph 6.2 describes a mode where the HSS answer with code
DIAMETER_MULTI_ROUND_AUTH ,and then validate user credential after a second round trip.
This does NOT corresponds to what is done on Kamailio module ims_auth, where credentials (actually a hash of the credentials, but its enough to authenticate )
) are pushed to kamailio, which does the computation of the expected answer (which corresponds to par 6.3 of the RFC 4740)
Is there any kamailio module that would allow to use the method with DIAMETER_MULTI_ROUND_AUTH ?
Thank you
JB
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat