Hi Peter Dunkley or anyone else who can throw me some clue, I'm interested in using the auth_ephemeral module to authenticate registrations with the help of an external web service. But I'm reading and reading the documentation and I'm clearly missing something. The document starts by describing how "the web service" should work. I understand fully that I must implement this web service. But nowhere in the documentation with auth_ephemeral do you tell the module the URL where the service is found. Whilst the Makefile includes libcurl when static linking is used, there are no calls to the curl library in the auth_ephemeral module, or to socket() or connect(). So I don't see that this module can act as a client to the documented web service? What am I failing to understand? Thanks, Steve

Hi Daniel, On 17 January 2017 at 14:15, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote: It seems like all that documentation about the web service is indeed a red-herring since the module is neither a client nor a provider of such a service. There is no obligation to implement such a service as documented - since in any event auth_ephemeral neither implements nor consumes this web service. All auth_ephemeral does it to authenticate clients using a secret (password) that is encrypted using a shared key. auth_ephemeral I guess decrypts the secret which is structured so that auth_ephemeral can tell that it is legit and unexpired. Do I have this right? Gotta say that the docs really don't make this clear. Thanks, Steve

On 17/01/2017 14:58, Carsten Bock wrote: Done! Cheers, Daniel -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com

Hi, the idea between ephemeral passwords is, that any webservice can create username/passwords without explicitly provisioning them on the other servers. The auth_ephemeral module does not provide the webserver, but only the compability to authenticate based on a shared secret. You may e.g. use the following PHP function to create a username, which is valid for the next 3 hours (3*3600): function getEphemeralUsername($username) { $timeout = time () + (3 * 3600); return $timeout . ':' . $username; } With this "temporary username" and the shared secret, you can now create a temporary password: function getEphemeralPassword($temporary_user, $shared_secret) { return base64_encode ( hash_hmac ( 'sha1', $temporary_user, $shared_secret, true ) ); } $secret = "imsrulez"; $username = getEphemeralUsername('steve'); // Creates: '<-unix-timestamp:valid until->:steve' $password = getEphemeralPassword($username, $secet); The documation refers to any website, which could provide the username/password (e.g. even a homepage without any API interaction). On Kamailio, you can now verify the username/password, if you configure the same "shared password": modparam("auth_ephemeral", "secret", "imsrulez") Thanks, Carsten 2017-01-17 12:53 GMT+01:00 Steve Davies &lt;steve-lists-srusers(a)connection-telecom.com&gt;om>: -- Carsten Bock CEO (Geschäftsführer) ng-voice GmbH Millerntorplatz 1 20359 Hamburg / Germany http://www.ng-voice.com mailto:carsten@ng-voice.com Office +49 40 5247593-40 Fax +49 40 5247593-99 Sitz der Gesellschaft: Hamburg Registergericht: Amtsgericht Hamburg, HRB 120189 Geschäftsführer: Carsten Bock Ust-ID: DE279344284 Hier finden Sie unsere handelsrechtlichen Pflichtangaben: http://www.ng-voice.com/imprint/