InicioMódulos › 🔒 Autenticación y Seguridad › auth_diameter
← Volver al índice de módulos

auth_diameter

This module implements SIP authentication and authorization with DIAMETER server, namely DIameter Server Client (DISC). NOTE: diameter support was developed for DISC (DIameter Server Client project at
🔒 Autenticación y Seguridad Kamailio 6.1 6 parámetros 6 funciones

Descripción general

This module implements SIP authentication and authorization with DIAMETER server, namely DIameter Server Client (DISC). NOTE: diameter support was developed for DISC (DIameter Server Client project at http://developer.berlios.de/projects/disc/). This project seems to be no longer maintained and DIAMETER specifications were updated in the meantime. Thus, the module is obsolete and needs rework to be usable with opendiameter or other DIAMETER servers. The digest authentication mechanism is presented in next figure. Example 1.1. Digest Authentication ... a) First phase of Digest Authentication for SIP: +----+ SIP INVITE +=====+ DIAMETER +------+ +------+ | | no Auth hdr #/////# AA-Request | | | | | |---------1--->#/////#-------2------->| |---2-->| | |UAC | #UAS//# |DClnt | |DSrv | | |<-----4-------#(SER)#<------3--------|(DISC)|<--3---|(DISC)| | | 401 #/////# DIAMETER | | | | +----+ Unauthorized +=====+ AA-Answer +------+ +------+ Result-Code=4001 b) Second phase of Digest Authentication for SIP: +----+ SIP INVITE +=====+ DIAMETER +------+ +----+ | | Auth hdr #/////# AA-Request | | | | | |--------1---->#/////#-------2------>| |---2-->| | |UAC | #UAS//# |DClnt | |DSrv| | |<-------4-----#(SER)#<------3-------| |<--3---| | | | 200 OK #/////# DIAMETER | | | | +----+ +=====+ AA-Answer +------+ +----+ Result-Code=2001 ...

Documentación oficial: https://www.kamailio.org/docs/modules/stable/modules/auth_diameter.html
Código fuente: https://github.com/kamailio/kamailio/tree/master/src/modules/auth_diameter

Parámetros de configuración

ParámetroTipoDescripción
diameter_client_host string 3.2. diameter_client_port (int) 3.3. use_domain (int)
diameter_client_port int 3.3. use_domain (int)
use_domain int 3.1. diameter_client_host (string)
diameter_client_host string Hostname of the machine where the DIAMETER Client is running.
diameter_client_port int Port number where the DIAMETER Client is listening.
use_domain int Specifies whether the domain name part of URI is used when checking the user's privileges.

Funciones exportadas

diameter_www_authorize(realm)

4.2. diameter_proxy_authorize(realm) 4.3. diameter_is_user_in(who, group)

diameter_proxy_authorize(realm)

4.3. diameter_is_user_in(who, group)

diameter_is_user_in(who, group)

4.1. diameter_www_authorize(realm)

diameter_www_authorize(realm)

SIP Server checks for authorization having a DIAMETER server in backend. If no credentials are provided inside the SIP request then a challenge is sent back to UAC. If the credentials don't match the ones computed by DISC then “403 Forbidden” is sent

diameter_proxy_authorize(realm)

SIP Proxy checks for authorization having a DIAMETER server in backend. If no credentials are provided inside the SIP request then a challenge is sent back to UAC. If the credentials don't match the ones computed by DISC then “403 Forbidden” is sent

diameter_is_user_in(who, group)

The method performs group membership checking with DISC.

Autores y contribuidores

Elena-Ramona Modroiu

Copyright © 2003, 2004 FhG FOKUS

Módulos relacionados

auth auth_arnacon auth_db auth_ephemeral auth_radius crypto htable ipops