[OpenSIPS-Devel] New contribution, rich authentication in LCR module

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Feb 16 11:37:05 CET 2010 

Hi Michael,

Just to give you an idea : the dynamic routing module has a more general 
approach on this - the GW records have an "attrs" field that (from 
module point of view) is an opaque string - these are attributes that 
the module will automatically load for the script usage (via AVPs) when 
the GW is selected.
So you can use the attr to store the username, passwd and realm if the 
GW requires.

So, you can try a similar approach for LCR, but as you said, this module 
is obsolete and I guess it does not pay the effort to invest in it. 
Better redirect this effort in migrating to DR.

Regards,
Bogdan

Michael Schloh von Bennewitz wrote:
> Hello list,
>
> I see from http://www.opensips.org/Development/Development that the
> LCR module is 'commonly maintained.' Whoever has commit authority
> might like to take a look at the new rich authentication credentials
> of the gw table as well as corresponding authentication logic in the
> LCR module that we've been using to mitigate problems of the
> unmodified LCR and UAC logic.
>
>   http://scm.europalab.com/contrib/opensips/
>   http://scm.europalab.com/contrib/file/tip/opensips/
>   http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.txt
>   http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.diff
>
> Basically, files (only code, no documentation) in modules/lcr of
> SVN trunk revision 6590 were modified to allow the gw table to
> provide authentication credentials to a modified LCR module.
> LCR in turn prepares a set of three new AVPs for authentication
> purposes. In a nutshell, the gw table now has 'user', 'realm',
> and 'password' columns. The LCR module reads these when gw_load()
> and gw_next() are used, and sets the AVPs avp_user, avp_realm,
> and avp_passwd accordingly.
>
> It's hard to recommend that this logic be integrated into the
> next OpenSIPS distribution because I know that LCR logic is
> to be retired in favour of dynamic routing logic. That's why
> I've not completed the opensipsctl, opensipsdbctl, and osipsconsole
> modifications to allow entering the new authentication values
> from the command line. The XML documentation is incomplete as well.
>
> I'll complete that work if I get the impression that this is
> popular enough to be committed to the trunk.
>
> Cheers,
> Michael
>
>   


-- 
Bogdan-Andrei Iancu
www.voice-system.ro

More information about the Devel mailing list