auth

🔒 Authentication and Security, Kamailio 6.1, 30 parameters, 20 functions

Overview

This is a generic module that does not itself provide all functions necessary for authentication, but provides functions that are needed by all other authentication-related modules (so-called authentication backends). We decided to divide the authentication code into several modules because there is now more than one backend (currently database authentication and radius are supported). This allows us to create separate packages so users can install and load only the required functionality. This also allows us to avoid unnecessary dependencies in the binary packages.

Official documentation: https://www.kamailio.org/docs/modules/stable/modules/auth.html
Source code: https://github.com/kamailio/kamailio/tree/master/src/modules/auth

Configuration parameters

Parameter Type Description
auth_checks_register flags See description of parameter auth_checks_in_dlg.
auth_checks_no_dlg flags See description of parameter auth_checks_in_dlg.
auth_checks_in_dlg flags These three module parameters control which optional integrity checks will be performed on the SIP message carrying digest response during SIP MD5 digest authentication. auth_checks_register controls
qop string If set, enable qop for challenges: each challenge will include a qop parameter. This is the recommended way, but some older non rfc3261 compliant UAs might get confused and might not authenticate prop
nonce_count boolean If enabled the received nc value is remembered and checked against the older value (for a successful authentication the received nc must be greater than the previously received one, see rfc2617 for mo
one_time_nonce boolean If set to 1 nonce reuse is disabled: each nonce is allowed only once, in the first response to a challenge. All the messages will be challenged, even retransmissions. Stateful mode should be used, to
nid_pool_no integer Controls the number of partitions for the nonce_count and one_time_nonce arrays (it's common to both of them to reduce the nonce size).
nc_array_size integer Maximum number of in-flight nonces for nonce_count. It represents the maximum nonces for which state will be kept. When this number is exceeded, state for the older nonces will be discarded to make sp
nc_array_order integer Equivalent to nc_array_size, but instead of directly specifying the size, its value is the power at which 2 should be raised (log2(nc_array_size)).
otn_in_flight_no integer Maximum number of in-flight nonces for one_time_nonce. It represents the maximum number of nonces remembered for the one-time-nonce check. When this number is exceeded, information about older nonces
otn_in_flight_order integer Equivalent to otn_in_flight_no, but instead of directly specifying the size, its value is the power at which 2 should be raised (log2(otn_in_flight_no)).
secret string
nonce_expire integer
nonce_auth_max_drift integer
force_stateless_reply boolean
realm_prefix string
use_domain boolean
algorithm string
add_authinfo_hdr boolean
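
The nonce_count check and the bounded state that nc_array_size describes, modelled as an added example (this is not code from Kamailio or from this page). The names NonceCountTable and authenticate, the result labels, the sample credentials, and the choice to report a nonce whose state was discarded as "stale" are assumptions of the example.

```python
import hashlib
import hmac
from collections import OrderedDict

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(c, password):
    # RFC 2617 response for qop=auth with MD5: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha1 = md5_hex(f"{c['username']}:{c['realm']}:{password}")
    ha2 = md5_hex(f"{c['method']}:{c['uri']}")
    return md5_hex(f"{ha1}:{c['nonce']}:{c['nc']}:{c['cnonce']}:auth:{ha2}")

class NonceCountTable:  # toy bounded nc store (hypothetical, not Kamailio's structure)
    def __init__(self, size):
        self.size = size
        self.last_nc = OrderedDict()   # nonce -> highest nc accepted so far
    def issue(self, nonce):
        # Keep state for at most `size` nonces; the oldest is discarded first.
        if len(self.last_nc) >= self.size:
            self.last_nc.popitem(last=False)
        self.last_nc[nonce] = 0
    def check(self, nonce, nc_hex):
        if nonce not in self.last_nc:
            return "stale"             # no state left: challenge again
        nc = int(nc_hex, 16)           # nc is sent as 8 hex digits
        if nc <= self.last_nc[nonce]:
            return "replay"            # nc must exceed the last accepted one
        self.last_nc[nonce] = nc
        return "ok"

def authenticate(table, creds, password):
    # Verify the digest first so an unauthenticated sender cannot advance nc.
    if not hmac.compare_digest(digest_response(creds, password), creds["response"]):
        return "bad-response"
    return table.check(creds["nonce"], creds["nc"])

def demo():
    # Constructed sample credentials, not taken from a real capture.
    base = {"username": "alice", "realm": "example.test", "method": "REGISTER",
            "uri": "sip:example.test", "nonce": "n1", "cnonce": "c1"}
    def request(nc):
        return dict(base, nc=nc, response=digest_response(dict(base, nc=nc), "s3cret"))
    table = NonceCountTable(size=2)
    table.issue("n1")
    ncs = ("00000001", "00000001", "00000002")   # the second is a replay
    results = [authenticate(table, request(n), "s3cret") for n in ncs]
    table.issue("n2"); table.issue("n3")         # n1's state is evicted
    results.append(authenticate(table, request("00000003"), "s3cret"))
    return tuple(results)
```

The last result shows the sizing trade-off: a table that is too small for the number of in-flight nonces discards state early, so valid clients are challenged again.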

Exported functions

consume_credentials()

This function removes previously authorized credential headers from the message being processed by the server. That means that the downstream message will not contain credentials that were used by this server. This ensures that the proxy will not re

has_credentials(realm)

This function returns true if the request has an Authorization or Proxy-Authorization header with the provided realm. The parameter can be a string with pseudo-variables.

www_challenge(realm, flags)

The function challenges a user agent. It will generate a WWW-Authorize header field containing a digest challenge, put the header field into a response generated from the request the server is processing, and send the 401 reply. Upon reception

proxy_challenge(realm, flags)

The function challenges a user agent. It will generate a Proxy-Authorize header field containing a digest challenge, put the header field into a response generated from the request the server is processing, and send the 407 reply. Upon recepti

auth_challenge(realm, flags)

The function challenges a user agent for authentication. It combines the functions www_challenge() and proxy_challenge(), internally calling the first one for REGISTER requests and the second one for all other request types. In other words

pv_www_authenticate(realm, passwd, flags [, method])

The function verifies credentials according to RFC2617. If the credentials are verified successfully then the function will succeed and mark the credentials as authorized (marked credentials can be later used by some other functions). If the function

pv_proxy_authenticate(realm, passwd, flags)

The function verifies credentials according to RFC2617. If the credentials are verified successfully then the function will succeed and mark the credentials as authorized (marked credentials can be later used by some other functions). If the function

pv_auth_check(realm, passwd, flags, checks)

The function combines the functionalities of pv_www_authenticate and pv_proxy_authenticate, the first being executed if the SIP request is a REGISTER, the second for all other requests.

auth_get_www_authenticate(realm, flags, pvdest)

Builds the WWW-Authentication header and sets the resulting value in the 'pvdest' pseudo-variable parameter.

auth_algorithm(algorithm)

Sets the hash algorithm used for digest authentication, thus overriding the algorithm parameter. Possible values are the same as those of the algorithm parameter. The parameter may be a pseudo-variable.

Authors and contributors

Jan Janak, FhG Fokus <jan@iptel.org>
Juha Heinanen, TutPro Inc <jh@song.fi>
Daniel-Constantin Mierla <miconda@gmail.com>

Copyright © 2002, 2003 FhG FOKUS

Related modules

auth_arnacon auth_db auth_diameter auth_ephemeral auth_radius crypto htable ipops