Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
A
asterisk
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Issue analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Voice
asterisk
Commits
5f3d96a7
Commit
5f3d96a7
authored
3 years ago
by
George Joseph
Browse files
Options
Downloads
Patches
Plain Diff
res_pjsip: Update documentation for the auth object
Change-Id: I2f76867ce02ec611964925159be099de83346e38
parent
88aec107
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
configs/samples/pjsip.conf.sample
+38
-8
38 additions, 8 deletions
configs/samples/pjsip.conf.sample
res/res_pjsip.c
+63
-18
63 additions, 18 deletions
res/res_pjsip.c
with
101 additions
and
26 deletions
configs/samples/pjsip.conf.sample
+
38
−
8
View file @
5f3d96a7
...
...
@@ -939,14 +939,44 @@
; "config show help res_pjsip auth realm" or on the wiki for the
; difference.
;
;auth_type=userpass ; Authentication type (default: "userpass")
;nonce_lifetime=32 ; Lifetime of a nonce associated with this
; authentication config (default: "32")
;md5_cred= ; MD5 Hash used for authentication (default: "")
;password= ; PlainText password used for authentication (default: "")
;realm= ; SIP realm for endpoint (default: "")
;type= ; Must be auth (default: "")
;username= ; Username to use for account (default: "")
;auth_type=userpass ; Authentication type. May be
; "userpass" for plain text passwords or
; "md5" for pre-hashed credentials.
; (default: "userpass")
;nonce_lifetime=32 ; Lifetime of a nonce associated with this
; authentication config (default: "32")
;md5_cred= ; As an alternative to specifying a plain text password,
; you can hash the username, realm and password
; together one time and place the hash value here.
; The input to the hash function must be in the
; following format:
; <username>:<realm>:<password>
; For incoming authentication (asterisk is the server),
; the realm must match either the realm set in this object
; or the default set in in the "global" object.
; For outgoing authentication (asterisk is the client),
; the realm must match what the server will be sending
; in their WWW-Authenticate header. It can't be blank
; unless you expect the server to be sending a blank
; realm in the header.
; You can generate the hash with the following shell
; command:
; $ echo -n "myname:myrealm:mypassword" | md5sum
; Note the '-n'. You don't want a newline to be part
; of the hash. (default: "")
;password= ; PlainText password used for authentication (default: "")
;realm= ; For incoming authentication (asterisk is the server),
; this is the realm to be sent on WWW-Authenticate
; headers. If not specified, the global object's
; "default_realm" will be used.
; For outgoing authentication (asterisk is the client), this
; must either be the realm the server is expected to send,
; or blank to automatically use the realm sent by the server.
; If you have multiple auth object for an endpoint, the realm
; is also used to match the auth object to the realm the
; server sends. (default: "")
;type= ; Must be auth (default: "")
;username= ; Username to use for account (default: "")
;==========================DOMAIN_ALIAS SECTION OPTIONS=========================
...
...
This diff is collapsed.
Click to expand it.
res/res_pjsip.c
+
63
−
18
View file @
5f3d96a7
...
...
@@ -1499,9 +1499,51 @@
<configOption name="nonce_lifetime" default="32">
<synopsis>Lifetime of a nonce associated with this authentication config.</synopsis>
</configOption>
<configOption name="md5_cred">
<configOption name="md5_cred"
default=""
>
<synopsis>MD5 Hash used for authentication.</synopsis>
<description><para>Only used when auth_type is <literal>md5</literal>.</para></description>
<description><para>
Only used when auth_type is <literal>md5</literal>.
As an alternative to specifying a plain text password,
you can hash the username, realm and password
together one time and place the hash value here.
The input to the hash function must be in the
following format:
</para>
<para>
</para>
<para>
<username>:<realm>:<password>
</para>
<para>
</para>
<para>
For incoming authentication (asterisk is the server),
the realm must match either the realm set in this object
or the <variable>default_realm</variable> set in in the
<replaceable>global</replaceable> object.
</para>
<para>
</para>
<para>
For outgoing authentication (asterisk is the client),
the realm must match what the server will be sending
in their WWW-Authenticate header. It can't be blank
unless you expect the server to be sending a blank
realm in the header.
You can generate the hash with the following shell
command:
</para>
<para>
</para>
<para>
$ echo -n "myname:myrealm:mypassword" | md5sum
</para>
<para>
</para>
<para>
Note the '-n'. You don't want a newline to be part
of the hash.
</para></description>
</configOption>
<configOption name="password">
<synopsis>Plain text password used for authentication.</synopsis>
...
...
@@ -1516,25 +1558,28 @@
<configOption name="oauth_secret">
<synopsis>OAuth 2.0 application's secret</synopsis>
</configOption>
<configOption name="realm">
<configOption name="realm"
default=""
>
<synopsis>SIP realm for endpoint</synopsis>
<description><para>
The treatment of this value depends upon how the authentication
object is used.
</para><para>
When used as an inbound authentication object, the realm is sent
as part of the challenge so the peer can know which key to use
when responding. An empty value will use the
<replaceable>global</replaceable> section's
<literal>default_realm</literal> value when issuing a challenge.
</para><para>
When used as an outbound authentication object, the realm is
matched with the received challenge realm to determine which
authentication object to use when responding to the challenge. An
empty value matches any challenging realm when determining
which authentication object matches a received challenge.
For incoming authentication (asterisk is the server),
this is the realm to be sent on WWW-Authenticate
headers. If not specified, the <replaceable>global</replaceable>
object's <variable>default_realm</variable> will be used.
</para>
<note><para>
<para>
</para>
<para>
For outgoing authentication (asterisk is the client), this
must either be the realm the server is expected to send,
or blank to automatically use the realm sent by the server.
If you have multiple auth object for an endpoint, the realm
is also used to match the auth object to the realm the
server sent.
</para>
<para>
</para>
<note>
<para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
