InicioMódulos › 🛠️ Utilidades y Varios › auth_xkeys
← Volver al índice de módulos

auth_xkeys

This module provides a custom mechanism to authenticate a SIP entity using a list of shared keys. It is similar to the API key based authentication used by many web services.
🛠️ Utilidades y Varios Kamailio 6.1 2 parámetros 4 funciones

Descripción general

This module provides a custom mechanism to authenticate a SIP entity using a list of shared keys. It is similar to the API key based authentication used by many web services. In short, the sender adds a particular header with a hash token computed with the shared key and some values from the SIP request (e.g., local IP, From/To/R-URI username, Call-ID, CSeq). The receiver will check the hash value and decide whether the SIP message is authenticated or not. The sender and receiver have to agree beforehand on the name of the server, shared secret, algorithm to be used and what data is going to be hashed. The module is designed to work with many shared keys on the same group, for more flexibility in adding/removing keys. The last added key in the group is used to add the header, but older ones are used for matching the hash value. That allows to change the active shared key without affecting ongoing traffic. If one decides to use a new share key, add it first to receiver (it will still authenticate with older key) and then to the sender. Once both nodes are provisioned with the new key, the older one can be removed. For proper protection, it is recommended to use this authentication mechanism over a secure channel (e.g., TLS, VPN, private network). The benefit is avoiding the extra traffic and processing required by WWW-Digest authentication schema (no more 401/407 and a follow up request with credentials). Another goal is to provide more elasticity for scalability needs of the

Documentación oficial: https://www.kamailio.org/docs/modules/stable/modules/auth_xkeys.html
Código fuente: https://github.com/kamailio/kamailio/tree/master/src/modules/auth_xkeys

Parámetros de configuración

ParámetroTipoDescripción
xkey str 3.1. xkey (str)
xkey str Specify the attributes for a shared secret. The value is in the format 'name1=value1;name2=value2;...'. The attributes can be: * id - the id of the group for keys * name - the name of the key within g

Funciones exportadas

auth_xkeys_add(hdr, kid, alg, data)

4.2. auth_xkeys_check(hdr, kid, alg, data)

auth_xkeys_check(hdr, kid, alg, data)

4.1. auth_xkeys_add(hdr, kid, alg, data)

auth_xkeys_add(hdr, kid, alg, data)

Add a header computed with the first key in the group kid, hashing with algorithm alg over the content of parameter data. The parameters can include variables.

auth_xkeys_check(hdr, kid, alg, data)

Check if the value of header hdr matches the value computed with the first key in the group kid, hashing with algorithm alg over the content of parameter data. The parameters can include variables.

Autores y contribuidores

Daniel-Constantin Mierla <miconda@gmail.com>

Copyright © 2015 asipto.com

Módulos relacionados

auth_web3 avp avpops benchmark blst call_control call_obj cfg_db