User.auth
m (grammar) |
|||
(2 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | The '''user.auth''' is a message that requires | + | The '''user.auth''' is a message that requires a password for a certain user from an authentication module. If none of the authentication modules ([[regfile]]) know about this user then the module who started authentication will deny user registration in the system. |
Channels like SIP, H.323, IAX and voicemail are sending a '''user.auth''' to the engine. | Channels like SIP, H.323, IAX and voicemail are sending a '''user.auth''' to the engine. | ||
+ | |||
+ | ===Parameters=== | ||
The main parameter for this message is '''username'''. Other parameters may be present depending on the protocol used. | The main parameter for this message is '''username'''. Other parameters may be present depending on the protocol used. | ||
Line 8: | Line 10: | ||
Currently only SIP sends the parameters for digest authentication as follows: | Currently only SIP sends the parameters for digest authentication as follows: | ||
− | * protocol=sip | + | * '''protocol'''=sip |
− | * nonce=''server supplied nonce'' | + | * '''nonce'''=''server supplied nonce'' |
− | * realm=''server supplied realm'' | + | * '''realm'''=''server supplied realm'' |
− | * method=''SIP method that is authenticated'' | + | * '''method'''=''SIP method that is authenticated'' |
− | * uri=''SIP URI used in request'' | + | * '''uri'''=''SIP URI used in request'' |
− | * response=''Digest (MD5) response computed by client'' | + | * '''response'''=''Digest (MD5) response computed by client'' |
There are also some parameters that may not be always available: | There are also some parameters that may not be always available: | ||
− | * ip_host=''IP address from which the request was received'' | + | * '''ip_host'''=''IP address from which the request was received'' |
− | * ip_port=''UDP or TCP port of the request'' | + | * '''ip_port'''=''UDP or TCP port of the request'' |
− | * address=''ip_address:port of the request'' | + | * '''address'''=''ip_address:port of the request'' |
+ | |||
+ | ===Additional parameters=== | ||
Additional parameters may be set to filter which module handles this message. | Additional parameters may be set to filter which module handles this message. | ||
The default is to have all modules attempt to perform authentication: | The default is to have all modules attempt to perform authentication: | ||
− | * auth_register=false - Disables handling by the [[register]] database module | + | * '''auth_register'''=false - Disables handling by the [[register]] database module |
− | * auth_regfile=false - Disables handling by the [[regfile]] module | + | * '''auth_regfile'''=false - Disables handling by the [[regfile]] module |
+ | |||
+ | ===Return=== | ||
The returned value from the authentication module depends on the protocol: | The returned value from the authentication module depends on the protocol: |
Latest revision as of 23:15, 13 March 2014
The user.auth is a message that requires a password for a certain user from an authentication module. If none of the authentication modules (regfile) know about this user then the module who started authentication will deny user registration in the system.
Channels like SIP, H.323, IAX and voicemail are sending a user.auth to the engine.
[edit] Parameters
The main parameter for this message is username. Other parameters may be present depending on the protocol used.
Currently only SIP sends the parameters for digest authentication as follows:
- protocol=sip
- nonce=server supplied nonce
- realm=server supplied realm
- method=SIP method that is authenticated
- uri=SIP URI used in request
- response=Digest (MD5) response computed by client
There are also some parameters that may not be always available:
- ip_host=IP address from which the request was received
- ip_port=UDP or TCP port of the request
- address=ip_address:port of the request
[edit] Additional parameters
Additional parameters may be set to filter which module handles this message. The default is to have all modules attempt to perform authentication:
- auth_register=false - Disables handling by the register database module
- auth_regfile=false - Disables handling by the regfile module
[edit] Return
The returned value from the authentication module depends on the protocol:
- the plaintext password is returned and the sender must check it further;
- an empty string is returned if the user was authenticated by using supplied parameters;
- the message must be left unhandled to deny authentication
See also