1 Jul
2016
1 Jul
'16
6:10 p.m.
Hey all,
I'm running a cluster of Kamailio instances as a proxy/registrar for
another cluster of Freeswitch instances. I'm using http_async_client to
make HTTP queries to my API to fetch credentials on auth challenges.
Kamailio performs generating the header, and validating the result based on
the data provided from my API.
I'm fairly sure the answer is no, but I was wondering if Kamailio has any
mechanism for getting access to the nonce/nc values in the challenges and
responses so I can store them somewhere accessible to the whole cluster.
Because my instances are transaction stateful, the request that is
challenged and the subsequent request with the response may be routed to
different instances and I want to validate the nonce correctly.
I can move all of this into the API (the digest auth and verification), but
my next question would be whether or not there are any APIs for getting
access to this information in a structured format, or if I should just
shove the whole digest auth header in the request to my API and
parse/verify there.
Thanks in advance.
Best,
Colin
1 Jul
1 Jul
7:04 p.m.
Hi Collin,
I can only think that by doing this saving of nonce, and accessible by rest
of the boxes in cluster, isnt it going to put the authentication mechsnism
at risk ? Even if not, that means all the servers in your cluster supposed
to behave predictably same ! Hence again security concern !
Take a look at secret param for auth module:
http://www.kamailio.org/docs/modules/3.4.x/modules/auth.html
Regards,
Sammy
On Jul 1, 2016 18:10, "Colin Morelli" <colin.morelli(a)gmail.com> wrote:
Hey all,
I'm running a cluster of Kamailio instances as a proxy/registrar for
another cluster of Freeswitch instances. I'm using http_async_client to
make HTTP queries to my API to fetch credentials on auth challenges.
Kamailio performs generating the header, and validating the result based on
the data provided from my API.
I'm fairly sure the answer is no, but I was wondering if Kamailio has any
mechanism for getting access to the nonce/nc values in the challenges and
responses so I can store them somewhere accessible to the whole cluster.
Because my instances are transaction stateful, the request that is
challenged and the subsequent request with the response may be routed to
different instances and I want to validate the nonce correctly.
I can move all of this into the API (the digest auth and verification),
but my next question would be whether or not there are any APIs for getting
access to this information in a structured format, or if I should just
shove the whole digest auth header in the request to my API and
parse/verify there.
Thanks in advance.
Best,
Colin
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
3154
days inactive
3154
days old
1 comments
2 participants
participants (2)
-
Colin Morelli -
SamyGo