Differences

This shows you the differences between two versions of the page.

Previous revision: tbd:db_unix [2009/04/28 15:20] by janakj
Current revision: tbd:db_unix [2013/04/17 11:53] (current) by henningw (edit summary: old revision restored)
Line 1: Line 1:
 ====== Integration With UNIX/Linux User Database ====== ====== Integration With UNIX/Linux User Database ======
  
 +**Contacts**: [[jan@iptel.org|Jan Janak]], [[andrei@iptel.org|Andrei Pelinescu-Onciul]]
 +
 +===== Abstract =====
 The goal of this work is to develop an extension module for sip-router that The goal of this work is to develop an extension module for sip-router that
-will provide support for authentication, authorization, and configuration the +will provide support for authentication, authorization, and configuration **the 
-UNIX way, that is ''/etc/passwd'', ''/etc/group'' and plain-text files stored in+UNIX way**, that is ''/etc/passwd'', ''/etc/group'' and plain-text files stored in
 user's home directory. With this module loaded the sip-router server will be user's home directory. With this module loaded the sip-router server will be
-able to integrate with services and databases commonly available in UNIX+able to integrate with name services and databases commonly available in UNIX-like
 systems. systems.
  
-Every non-trivial sip-router requires a database server to store all kinds of +===== State of the Art ===== 
-data particular to the operation of the SIP server. All users' data, such as+Every non-trivial sip-router setup requires a database server to store all kinds  
 +of data particular to the operation of the SIP server. All users' data, such as
 authentication usernames, passwords and user location contacts, is then stored authentication usernames, passwords and user location contacts, is then stored
 in the database. The administrator usually needs to populate the database with in the database. The administrator usually needs to populate the database with
Line 32: Line 36:
 databases, such as the berkeley db, but even such databases require standalone databases, such as the berkeley db, but even such databases require standalone
 provisioning tools and maintenance. provisioning tools and maintenance.
 +
 +===== Goals =====
 The aim of this work is to develop an extension module for sip-router which The aim of this work is to develop an extension module for sip-router which
 will interface to the database abstraction layer in sip-router on one side to will interface to the database abstraction layer in sip-router on one side to
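Review bot: the unchanged context in this hunk spells the product name "berkeley db"; since the surrounding edit is already normalising formatting, "Berkeley DB" would be the consistent capitalisation, and the new "Goals" heading could carry the one-sentence summary that follows it rather than leaving "The aim of this work is to develop" to repeat the Abstract almost verbatim.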
Line 37: Line 43:
 on the other side. This module will then (when used instead of a traditional on the other side. This module will then (when used instead of a traditional
 database module such as db_mysql) make it possible to use the UNIX/Linux user database module such as db_mysql) make it possible to use the UNIX/Linux user
-database in /etc/passwd for authentication, PAM (Pluggable Authentication+database in ''/etc/passwd'' for authentication, PAM (Pluggable Authentication
 Modules) system for authorization, and so on. Modules) system for authorization, and so on.
  
-Required features: +==== Required features ==== 
-  Version 1 (strawman): +=== Version 1 (strawman) === 
-    * Use /etc/passwd as the user database +    * Use ''/etc/passwd'' as the user database 
-    * Digest authentication password stored in ~/.sr +    * Digest authentication password stored in ''~/.sr'' 
-    * User location data stored in ~/.sr +    * User location data stored in ''~/.sr'' 
-    * Authorization to use the service using /etc/group (i.e. only members of +    * Authorization to use the service using ''/etc/group'' (i.e. only members of sip group will be allowed to register and make calls).
-      sip group will be allowed to register and make calls).+
  
-  o Version 2 (deluxe):+=== Version 2 (deluxe) ===
     * PAM-enabled authorization     * PAM-enabled authorization
-    * Selected configuration for a user (a set of name-value pairs) +    * Selected configuration for a user (a set of name-value pairs) can be stored in a plain-text file in ''~/.sr'' (like ''~/.ssh/config''
-      can be stored in a plain-tex file in ~/.sr (like ~/.ssh/config) +    * Keep ''/var/log/wtmp'' up-to-date when user registers/un-registers
-    * Keep /var/log/wtmp up-to-date when user registers/un-registers+
     * Accounting in ~     * Accounting in ~
-    * Tool to administer the digest password in ~/.sr+    * Tool to administer the digest password in ''~/.sr''
  
-Overview of operation  +===== Overview of Operation =====
---------------------- +
 The administator of a Linux host installs the sip-router. The sip-router comes The administator of a Linux host installs the sip-router. The sip-router comes
 with a default configuration file with all important features, such as digest with a default configuration file with all important features, such as digest
 authentication and registrar, enabled. He/she configures the sip-router server authentication and registrar, enabled. He/she configures the sip-router server
-to use db_unix module as the desired database driver (instead of the default+to use ''db_unix'' module as the desired database driver (instead of the default
 db_mysql). db_mysql).
  
 The adminstrator decides to let user jan use the newly installed SIP The adminstrator decides to let user jan use the newly installed SIP
 server. The administrator creates a new user with adduser: server. The administrator creates a new user with adduser:
-   + 
-  # adduser jan+<code>   
 +# adduser jan 
 +</code>
  
 and after filling all the personal information the user is created in the and after filling all the personal information the user is created in the
-system, his home directory is set to /home/jan. The administrator sets an+system, his home directory is set to ''/home/jan''. The administrator sets an
 initial digest authentication password for the user: initial digest authentication password for the user:
  
-  # sippasswd jan+<code> 
 +# sippasswd jan 
 +</code>
  
-The tool saves the password in /home/jan/.sr/passwd in either plain-text or+The tool saves the password in ''/home/jan/.sr/passwd'' in either plain-text or
 sha1 format, along with all information necessary for digest authentication. sha1 format, along with all information necessary for digest authentication.
  
-User jan configures his SIP phone with username jan, hostname of the Linux+User ''jan'' configures his SIP phone with username ''jan'', hostname of the Linux
 host and the password given to him by the adminstrator and the phone sends a host and the password given to him by the adminstrator and the phone sends a
 REGISTER message and after the obligatory digest authentication round-trip, REGISTER message and after the obligatory digest authentication round-trip,
-the server gets the user's password from /home/jan/.sr/password and verifies+the server gets the user's password from ''/home/jan/.sr/password'' and verifies
 the digest crendentials. the digest crendentials.
  
-Optionally the server may use PAM or consult /etc/group to verify that the +Optionallythe server may use PAM or consult ''/etc/group'' to verify that the 
-user has access to the SIP service. If the user has ~/.sr/config then the SIP+user has access to the SIP service. If the user has ''~/.sr/config'' then the SIP
 server loads the contents of the file before processing the SIP message. server loads the contents of the file before processing the SIP message.
  
 If the registration was successfull then the SIP server saves all the contacts If the registration was successfull then the SIP server saves all the contacts
-registered by the user's phone in his ~/.sr/usrloc and optionally updates wtmp+registered by the user's phone in his ''~/.sr/usrloc'' and optionally updates wtmp
 if the user is registered. if the user is registered.
  
-When an INVITE arrives for jan@host, the sip server again loads the +When an INVITE arrives for ''jan@host'', the sip server again loads the 
-configuration from /home/jan/.sr/config and then the list of contacts from +configuration from ''/home/jan/.sr/config'' and then the list of contacts from 
-/home/jan/.sr/usrloc and forwards the INVITE request. The SIP server may also +''/home/jan/.sr/usrloc'' and forwards the INVITE request. The SIP server may also 
-record the SIP call in Jan's ~/.sr if db_unix module supports accouting.+record the SIP call in Jan'''~/.sr'' if ''db_unix'' module supports accouting.
  
 The user (jan) may ssh into the SIP server host and customize his SIP The user (jan) may ssh into the SIP server host and customize his SIP
-configuration by editing ~/.sr/config+configuration by editing ''~/.sr/config''
  
 +===== Reading List =====
 +  * [[http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules|PAM (Pluggable Authentication Modules)]]
 +  * [[http://www.kernel.org/pub/linux/libs/pam/|Linux PAM]]
 +  * ''man 3 login''
 +  * ''man passwd''
 +  * ''man group''
 +  
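Review bot: the revised text introduces three wiki-markup defects that the old version did not have. The Version 2 item ending "(like ''~/.ssh/config''" lost its closing parenthesis; "Optionallythe server may use PAM" lost the space after "Optionally"; and "Jan'''~/.sr''" puts the possessive apostrophe directly against the '' monospace delimiter, so the parser sees three quote characters and the span will not close as intended. Suggest "Jan's ''~/.sr''". Pre-existing but worth fixing in the same pass: the per-user password file is called "/home/jan/.sr/passwd" in one paragraph and "/home/jan/.sr/password" in the next, and the new '' formatting skipped "Accounting in ~" and "wtmp". Two content points for the Overview of Operation: the server reads a secret out of the user's home directory, so the text should state who owns the file, what mode sippasswd creates it with, and whether the sip-router process needs root or a group membership to read it; and "plain-text or sha1 format" should say which value is stored, because Digest verification needs either the cleartext password or the HA1 hash (MD5 of username:realm:password in RFC 2617, SHA-256 variants in RFC 7616), and a plain SHA-1 of the password alone cannot be used to check digest credentials.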
