Author Topic: Users authentication  (Read 9021 times)

marchew

  • Newbie
  • *
  • Posts: 1
    • View Profile
Users authentication
« on: September 23, 2013, 05:50:04 AM »
I'm writing an external module for Yate. Amogst other things i want to authenticate users connecting to Yate via SIP. It works when i send an answer for user.auth with password as a retval.
Is there any possibility other than replying with cleartext password? Can i send md5(username:realm:password) or something similar instead?

vankooch

  • Administrator
  • Newbie
  • *****
  • Posts: 49
    • View Profile
Re: Users authentication
« Reply #1 on: October 17, 2013, 12:02:22 PM »
You can use SIPS which encrypts the SIP messages, so passwords are not so plain. Yate does already support sips and rtps. Have look at the docs.
If you can make sure your sip clients do support md5 password authentication, then you could use a database backend in yate for registration. The query which fires up, needs then to check the hash.

marian

  • Hero Member
  • *****
  • Posts: 513
    • View Profile
Re: Users authentication
« Reply #2 on: October 18, 2013, 01:14:49 AM »
The password you are returning in user.auth return value is not sent back on sip.
The sip module will check user credentials using the returned password and will accept or not the request.