<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    Hello,<br>

    <br>

    maybe woth looking at auth_diameter, which is sort of unmaintained,

    because of the lack of interest during the past years, but iirc, the

    authentication was done inside diameter server, which was returned

    ok/not-ok. I expect the module to need some coding, but could be not

    that big changes to bring it up to date.<br>

    <br>

    Cheers,<br>

    Daniel<br>

    <br>

    <div class="moz-cite-prefix">On 03/10/15 23:53, JB wrote:<br>

    </div>

    <blockquote

cite="mid:CAGZbGr7npPLTdeVkoQnLPo2QPC1LXGfGCYHV0KT-RBza66c=uQ@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>

          <div>Hello all, we are working on a SIP solution using

            Kamailio.<br>

            <br>

          </div>

          We want to secure our base of  user credentials even in case

          of attack on the SIP server, and for that reason we plan to

          use diameter authentication as described in RFC <span

            lang="FR-CH"> <a moz-do-not-send="true"

              href="http://www.rfc-base.org/txt/rfc-4740.txt"

              target="_blank">http://www.rfc-base.org/txt/rfc-4740.txt</a></span><br>

          <br>

        </div>

        Paragraph 6.2 describes a mode where the HSS answer with code <br>

        <pre>DIAMETER_MULTI_ROUND_AUTH ,and then validate user credential after a second round trip.

</pre>

        <pre><span style="font-family:arial,helvetica,sans-serif">This does NOT corresponds to what is done on Kamailio module ims_auth, where credentials (actually a hash of the credentials, but its enough to authenticate )

</span></pre>

        <pre><span style="font-family:arial,helvetica,sans-serif">) are pushed to kamailio, which does the computation of the expected answer (which corresponds to par 6.3 of the RFC 4740)

</span></pre>

        <pre><span style="font-family:arial,helvetica,sans-serif">Is there any kamailio module that would allow to use the method with </span>DIAMETER_MULTI_ROUND_AUTH ?

</pre>

        <pre><span style="font-family:arial,helvetica,sans-serif">Thank you

</span></pre>

        <pre><span style="font-family:arial,helvetica,sans-serif">JB</span>

</pre>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla

<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>

Book: SIP Routing With Kamailio - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>

Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - <a class="moz-txt-link-freetext" href="http://asipto.com/u/kat">http://asipto.com/u/kat</a></pre>

  </body>

</html>