Differences
tbd:db_unix [2009/04/28 15:07] janakj created |
tbd:db_unix [2013/04/17 11:53] (current) henningw old revision restored |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Integration With UNIX/Linux User Database ====== | ====== Integration With UNIX/Linux User Database ====== | ||
+ | **Contacts**: | ||
+ | |||
+ | ===== Abstract ===== | ||
+ | The goal of this work is to develop an extension module for sip-router that | ||
+ | will provide support for authentication, | ||
+ | UNIX way**, that is ''/ | ||
+ | user's home directory. With this module loaded the sip-router server will be | ||
+ | able to integrate with name services and databases commonly available in UNIX-like | ||
+ | systems. | ||
+ | |||
+ | ===== State of the Art ===== | ||
+ | Every non-trivial sip-router setup requires a database server to store all kinds | ||
+ | of data particular to the operation of the SIP server. All users' data, such as | ||
+ | authentication usernames, passwords and user location contacts, is then stored | ||
+ | in the database. The administrator usually needs to populate the database with | ||
+ | some initial data whenever a new user is added to the system. Even simple | ||
+ | operations, for example when a user decides to change his/her password for SIP | ||
+ | digest authentication, | ||
+ | serctl) or the administrator has to use the SQL interface of the database to | ||
+ | issue one or more SQL commands. | ||
+ | |||
+ | The sip-router server supports a wide variety of database systems (mysql, | ||
+ | postgres, oracle, berkeley db) through its internal database abstraction | ||
+ | layer. The database abstraction layer is flexible and adding support for a new | ||
+ | database type (not necessarily SQL based) is a simple and straightforward | ||
+ | process. Typically there is no need to modify other extension modules of the | ||
+ | server because most of them access the database exclusively through the | ||
+ | database abstraction layer. | ||
+ | |||
+ | Running a dedicated fully-featured database server for a small SIP server | ||
+ | setup, serving maybe no more then a couple of users, seems like an | ||
+ | overkill. Yet, there is currently no easy way of achieving this without | ||
+ | setting up something like mysql. We have support for several embedded | ||
+ | databases, such as the berkeley db, but even such databases require standalone | ||
+ | provisioning tools and maintenance. | ||
+ | |||
+ | ===== Goals ===== | ||
+ | The aim of this work is to develop an extension module for sip-router which | ||
+ | will interface to the database abstraction layer in sip-router on one side to | ||
+ | traditional UNIX/Linux facilities for user authentication and user management | ||
+ | on the other side. This module will then (when used instead of a traditional | ||
+ | database module such as db_mysql) make it possible to use the UNIX/Linux user | ||
+ | database in ''/ | ||
+ | Modules) system for authorization, | ||
+ | |||
+ | ==== Required features ==== | ||
+ | === Version 1 (strawman) === | ||
+ | * Use ''/ | ||
+ | * Digest authentication password stored in '' | ||
+ | * User location data stored in '' | ||
+ | * Authorization to use the service using ''/ | ||
+ | |||
+ | === Version 2 (deluxe) === | ||
+ | * PAM-enabled authorization | ||
+ | * Selected configuration for a user (a set of name-value pairs) can be stored in a plain-text file in '' | ||
+ | * Keep ''/ | ||
+ | * Accounting in ~ | ||
+ | * Tool to administer the digest password in '' | ||
+ | |||
+ | ===== Overview of Operation ===== | ||
+ | The administator of a Linux host installs the sip-router. The sip-router comes | ||
+ | with a default configuration file with all important features, such as digest | ||
+ | authentication and registrar, enabled. He/she configures the sip-router server | ||
+ | to use '' | ||
+ | db_mysql). | ||
+ | |||
+ | The adminstrator decides to let user jan use the newly installed SIP | ||
+ | server. The administrator creates a new user with adduser: | ||
+ | |||
+ | < | ||
+ | # adduser jan | ||
+ | </ | ||
+ | |||
+ | and after filling all the personal information the user is created in the | ||
+ | system, his home directory is set to ''/ | ||
+ | initial digest authentication password for the user: | ||
+ | |||
+ | < | ||
+ | # sippasswd jan | ||
+ | </ | ||
+ | |||
+ | The tool saves the password in ''/ | ||
+ | sha1 format, along with all information necessary for digest authentication. | ||
+ | |||
+ | User '' | ||
+ | host and the password given to him by the adminstrator and the phone sends a | ||
+ | REGISTER message and after the obligatory digest authentication round-trip, | ||
+ | the server gets the user's password from ''/ | ||
+ | the digest crendentials. | ||
+ | |||
+ | Optionally, the server may use PAM or consult ''/ | ||
+ | user has access to the SIP service. If the user has '' | ||
+ | server loads the contents of the file before processing the SIP message. | ||
+ | |||
+ | If the registration was successfull then the SIP server saves all the contacts | ||
+ | registered by the user's phone in his '' | ||
+ | if the user is registered. | ||
+ | |||
+ | When an INVITE arrives for '' | ||
+ | configuration from ''/ | ||
+ | ''/ | ||
+ | record the SIP call in Jan's '' | ||
+ | |||
+ | The user (jan) may ssh into the SIP server host and customize his SIP | ||
+ | configuration by editing '' | ||
+ | |||
+ | ===== Reading List ===== | ||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | |