[SR-Users] UAC and realm
Johan Wilfer
lists at jttech.se
Tue Nov 20 10:25:15 CET 2012
Hi,
I've done some tests with the UAC module to authenticate to a remote
proxy. I've based my config on this example:
http://docs.huihoo.com/opensips/tutorials/uac/ar01s06.html (example 9)
I have found that if I send a call from a asterisk via kamailio to my
remote proxy the realm the remote proxy uses is the ip-address of the
asterisk-server (aaa.bbb.ccc.ddd). Like this:
WWW-Authenticate: Digest
nonce="1353399363:8d2317487ee1521328d0e2237e444e2d",algorithm=MD5,realm="aaa.bbb.ccc.ddd",qop="auth",stale=false.
If I have a param like this, the auth works:
modparam("uac","credential","username:aaa.bbb.ccc.ddd:password")
But as I would like to use more than one remote proxy (=more than one
provider) per asterisk server this needs some more work.
Is there a way to get UAC to ignore the realm from the remote proxy and
send the auth anyway?
Alternate paths I've examined:
1. Rewrite from-domain to get the provider to use another realm:
modparam("uac","credential","username:example.com:password")
uac_replace_from("sip:$fU at example.com");
Works, but I don't think this is a very good solution.
2. Use auth_username_avp / auth_password_avp / auth_realm_avp to
feed the uac_auth()-function the right credentials.
modparam("uac","auth_username_avp","$avp(s:uac_user)")
modparam("uac","auth_password_avp","$avp(s:uac_pass)")
modparam("uac","auth_realm_avp","$avp(s:uac_realm)")
in the failure route:
$avp(s:uac_user) = "username";
$avp(s:uac_pass) = "password";
$avp(s:uac_realm) = "aaa.bbb.ccc.ddd";
This works as well, but I would like to either get the realm
the remote proxy sends and use it or make uac ignore the realm.
The realm is unimportant as we already know what proxy we are
talking to.
I've tried $hdr(WWW-Authenticate) but it evaluates to null.
Any ideas how to do this?
Thanks!
--
Johan Wilfer
More information about the sr-users
mailing list