1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/opensips/lcr-auth.txt Wed Feb 10 21:21:24 2010 +0100
1.3 @@ -0,0 +1,73 @@
1.4 +LCR module authentication extention (contribution)
1.5 +
1.6 +Rationale
1.7 +
1.8 +An orthoganal approach to abstract authentication logic out of the
1.9 +routing script improves administration by keeping unnecessarily hard
1.10 +coded authentication credentials out of the routing script.
1.11 +
1.12 +Usage
1.13 +
1.14 +The new lcr module parameters which achieve this are 'auth_realm_avp',
1.15 +'auth_username_avp', and 'auth_password_avp'. To specify where the lcr
1.16 +module should write these values set the parameters like so:
1.17 +
1.18 + modparam("lcr", "auth_realm_avp", "$avp(s:arealm)")
1.19 + modparam("lcr", "auth_username_avp", "$avp(s:auser)")
1.20 + modparam("lcr", "auth_password_avp", "$avp(s:apass)")
1.21 +
1.22 +Typically these parameters are used in conjunction with the uac modules
1.23 +uac_auth() function, which uses similar variables which are specified in
1.24 +a similar manner. In fact, the parameters of both lcr and uac modules
1.25 +can be specified at the same time like so:
1.26 +
1.27 + modparam("uac|lcr", "auth_realm_avp", "$avp(s:arealm)")
1.28 + modparam("uac|lcr", "auth_username_avp", "$avp(s:auser)")
1.29 + modparam("uac|lcr", "auth_password_avp", "$avp(s:apass)")
1.30 +
1.31 +In addition to the existing column module parameters, specify the name
1.32 +of each of the new gw table columns like so:
1.33 +
1.34 + modparam("lcr", "user_column", "user")
1.35 + modparam("lcr", "realm_column", "realm")
1.36 + modparam("lcr", "passwd_column", "passwd")
1.37 +
1.38 +At this point the new functionality of the lcr module is ready to be
1.39 +used. Enter values into the gw table with its new columns and call the
1.40 +standard lcr module functions load_gws() and next_gw().
1.41 +
1.42 +Result
1.43 +
1.44 +After calling load_gws() and next_gw(), inspect the variables associated
1.45 +with the user, realm, and password columns (see the modparam entries) to
1.46 +find that the lcr module can now hand off authentication credentials to
1.47 +other modules with ease.
1.48 +
1.49 +Location
1.50 +
1.51 +http://scm.europalab.com/contrib/opensips/
1.52 +http://scm.europalab.com/contrib/file/tip/opensips/
1.53 +http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.txt
1.54 +http://scm.europalab.com/contrib/file/tip/opensips/lcr-auth.diff
1.55 +
1.56 +Instructions
1.57 +
1.58 +To integrate this contributed logic into the source code tree of
1.59 +a OpenSIPS distribution, download the unified diff and use the
1.60 +patch(1) command:
1.61 +
1.62 + $ cd /tmp && mkdir lcr-patch && cd lcr-patch
1.63 + $ wget http://scm.europalab.com/contrib/raw-file/tip/opensips/lcr-auth.diff
1.64 + $ tar zxf /tmp/opensips-<version>-tls.tar.gz
1.65 + $ cd opensips-<version>-tls
1.66 + $ patch -p0 <../lcr-auth.diff
1.67 +
1.68 +Disclaimer
1.69 +
1.70 +This software contribution is based on source code from OpenSIPS SVN
1.71 +revision 6590. The author makes no guarantees as to this contribution.
1.72 +A user who downloads and executes it does so at his own risk.
1.73 +
1.74 +Michael Schloh von Bennewitz
1.75 +http://michael.schloh.com/
1.76 +Wednsday, 10. February 2010
