Differences
This shows you the differences between two versions of the page.
tbd:db_unix [2009/04/28 15:20] janakj |
tbd:db_unix [2012/01/08 23:19] 109.230.216.60 AIyiDHyVljPLmUUW |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Integration With UNIX/Linux User Database ====== | + | Could you write about Physics |
- | + | ||
- | The goal of this work is to develop an extension module for sip-router that | + | |
- | will provide support for authentication, | + | |
- | UNIX way, that is ''/ | + | |
- | user's home directory. With this module loaded the sip-router server will be | + | |
- | able to integrate with services and databases commonly available in UNIX | + | |
- | systems. | + | |
- | + | ||
- | Every non-trivial sip-router requires a database server to store all kinds of | + | |
- | data particular to the operation of the SIP server. All users' data, such as | + | |
- | authentication usernames, passwords and user location contacts, is then stored | + | |
- | in the database. The administrator usually needs to populate the database with | + | |
- | some initial data whenever a new user is added to the system. Even simple | + | |
- | operations, for example when a user decides to change his/her password for SIP | + | |
- | digest authentication, | + | |
- | serctl) or the administrator has to use the SQL interface of the database to | + | |
- | issue one or more SQL commands. | + | |
- | + | ||
- | The sip-router server supports a wide variety of database systems (mysql, | + | |
- | postgres, oracle, berkeley db) through its internal database abstraction | + | |
- | layer. The database abstraction layer is flexible and adding support for a new | + | |
- | database type (not necessarily SQL based) is a simple and straightforward | + | |
- | process. Typically there is no need to modify other extension modules of the | + | |
- | server because most of them access the database exclusively through the | + | |
- | database abstraction layer. | + | |
- | + | ||
- | Running a dedicated fully-featured database server for a small SIP server | + | |
- | setup, serving maybe no more then a couple of users, seems like an | + | |
- | overkill. Yet, there is currently no easy way of achieving this without | + | |
- | setting up something like mysql. We have support for several embedded | + | |
- | databases, such as the berkeley db, but even such databases require standalone | + | |
- | provisioning tools and maintenance. | + | |
- | The aim of this work is to develop an extension module for sip-router which | + | |
- | will interface to the database abstraction layer in sip-router on one side to | + | |
- | traditional UNIX/Linux facilities for user authentication and user management | + | |
- | on the other side. This module will then (when used instead of a traditional | + | |
- | database module such as db_mysql) make it possible to use the UNIX/Linux user | + | |
- | database in /etc/passwd for authentication, | + | |
- | Modules) system for authorization, | + | |
- | + | ||
- | Required features: | + | |
- | o Version 1 (strawman): | + | |
- | * Use /etc/passwd as the user database | + | |
- | * Digest authentication password stored in ~/.sr | + | |
- | * User location data stored in ~/.sr | + | |
- | * Authorization to use the service using /etc/group (i.e. only members of | + | |
- | sip group will be allowed to register and make calls). | + | |
- | + | ||
- | o Version 2 (deluxe): | + | |
- | * PAM-enabled authorization | + | |
- | * Selected configuration for a user (a set of name-value pairs) | + | |
- | | + | |
- | * Keep / | + | |
- | * Accounting in ~ | + | |
- | * Tool to administer the digest password in ~/.sr | + | |
- | + | ||
- | Overview of operation | + | |
- | --------------------- | + | |
- | The administator of a Linux host installs the sip-router. The sip-router comes | + | |
- | with a default configuration file with all important features, such as digest | + | |
- | authentication and registrar, enabled. He/she configures the sip-router server | + | |
- | to use db_unix module as the desired database driver (instead of the default | + | |
- | db_mysql). | + | |
- | + | ||
- | The adminstrator decides to let user jan use the newly installed SIP | + | |
- | server. The administrator creates a new user with adduser: | + | |
- | + | ||
- | # adduser jan | + | |
- | + | ||
- | and after filling all the personal information the user is created in the | + | |
- | system, his home directory is set to /home/jan. The administrator sets an | + | |
- | initial digest authentication password for the user: | + | |
- | + | ||
- | # sippasswd jan | + | |
- | + | ||
- | The tool saves the password in / | + | |
- | sha1 format, along with all information necessary for digest authentication. | + | |
- | + | ||
- | User jan configures his SIP phone with username jan, hostname of the Linux | + | |
- | host and the password given to him by the adminstrator and the phone sends a | + | |
- | REGISTER message and after the obligatory digest authentication round-trip, | + | |
- | the server gets the user's password from / | + | |
- | the digest crendentials. | + | |
- | + | ||
- | Optionally the server may use PAM or consult /etc/group to verify that the | + | |
- | user has access to the SIP service. If the user has ~/ | + | |
- | server loads the contents of the file before processing the SIP message. | + | |
- | + | ||
- | If the registration was successfull then the SIP server saves all the contacts | + | |
- | registered by the user's phone in his ~/ | + | |
- | if the user is registered. | + | |
- | + | ||
- | When an INVITE arrives for jan@host, the sip server again loads the | + | |
- | configuration from / | + | |
- | / | + | |
- | record the SIP call in Jan's ~/.sr if db_unix module supports accouting. | + | |
- | + | ||
- | The user (jan) may ssh into the SIP server host and customize his SIP | + | |
- | configuration by editing ~/ | + |
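Review bot: at Line 1 the only text on the new side is "Could you write about Physics", and every other line of the db_unix design (goal, required features, overview of operation) is removed with nothing in its place, so this revision blanks the page rather than editing it. The new revision is attributed to a bare IP address (109.230.216.60) with the summary "AIyiDHyVljPLmUUW", which does not describe any change to the content. Suggest rejecting this revision and restoring the 2009/04/28 15:20 revision by janakj. Any real change to the design text should arrive as an edit to the affected lines with a summary that says what was changed.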