On 09/20/2012 01:12 AM, David Thomson wrote:
Hi,
I am working on a project where a custom sip client will be integrated
into a suite of applications to provide voip. The sip client will be
working with Kamailio. The goal is to ensure that the client is
authorized for communication with kamailio before allowing any calls
to be made. Conventional username/password authentication for
individual users will also be used once the client has been authenticated.
Hello,
Why not rely on TLS with client-side authentication? Just deploy the
client with a CA signed with a certificate known by Kamailio, and then
use the tls module with the following configuration to perform the
client-certificate check:
1.9.8. |require_certificate| (boolean)
When enabled it will require a certificate from a client. If the client
does not offer a certificate and |verify_certificate| is on, the
certificate verification will fail.
The default value is off.
More information
http://kamailio.org/docs/modules/devel/modules/tls.html
Cheers,
Marius
Currently other applications in the suite use a digital signature in
the http headers when communicating with server processes. If the
signature is validated by the server process then the application's
identity is validated and communication with the server process is
allowed.
Is it possible to include a public key and digital signature in the
register events and have kamailio perform the transformation to
validate the client's identity? If so which module provides such
functionality? Has something like this been implemented in the past?
Thanks for any input.
ttyl,
Dave
--
Zbihlei Marius
Head of
Linux Development Services Romania
1&1 Internet Development srl Tel KA: 754-9152
Str Mircea Eliade 18 Tel RO: +40-31-223-9152
Sect 1, Bucuresti mailto: marius.zbihlei(a)1and1.ro
71295, Romania
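
The client-certificate check suggested in the reply above, written out as a kamailio.cfg fragment. This is an added example, not part of the original message or of Kamailio's shipped configuration. It assumes a TLS listener is already enabled; the file paths are placeholders, and the `proto` check in the route is one assumed way to keep non-TLS clients out.

```cfg
# kamailio.cfg fragment (added example; all paths are placeholders)
loadmodule "sl.so"
loadmodule "tls.so"

# Certificate and key Kamailio presents to connecting clients.
modparam("tls", "certificate", "/etc/kamailio/tls/server-cert.pem")
modparam("tls", "private_key", "/etc/kamailio/tls/server-key.pem")

# CA certificate(s) that issued the certificates deployed with the
# custom SIP client. Verification always fails if this list is empty.
modparam("tls", "ca_list", "/etc/kamailio/tls/client-ca.pem")

# Weak (module defaults): the TLS handshake succeeds for any client,
# with or without a certificate, so TLS gives encryption only.
# modparam("tls", "verify_certificate", 0)
# modparam("tls", "require_certificate", 0)

# Hardened: the client must present a certificate and it must chain
# to ca_list. require_certificate only has an effect when
# verify_certificate is also on.
modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)

request_route {
    # The certificate check applies to TLS connections only, so a
    # request arriving over UDP or plain TCP has proven nothing.
    if (proto != TLS) {
        sl_send_reply("403", "TLS required");
        exit;
    }

    # From here on the peer has passed the client-certificate check;
    # per-user username/password authentication can follow.
}
```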