Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge "res_pjsip: Update authentication realm documentation." into 13

Browse Source
changes/65/5065/1
zuul 8 years ago committed by Gerrit Code Review
parent 61172a841b 9f11da85a2
commit 38b04d7dac
4 changed files with 86 additions and 11 deletions
Show Stats Download Patch File Download Diff File

20
configs/samples/pjsip.conf.sample
Unescape View File

@ -12,6 +12,12 @@
; If you want to see more detail please check the documentation sources
; mentioned at the top of this file.
; ============================================================================
; NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
;
; This file does not maintain the complete option documentation.
; ============================================================================
; Documentation
;
; The official documentation is at http://wiki.asterisk.org
@ -759,6 +765,14 @@
;==========================AUTH SECTION OPTIONS=========================
;[auth]
; SYNOPSIS: Authentication type
;
; Note: Using the same auth section for inbound and outbound
; authentication is not recommended. There is a difference in
; meaning for an empty realm setting between inbound and outbound
; authentication uses. Look to the CLI config help
; "config show help res_pjsip auth realm" or on the wiki for the
; difference.
;
;auth_type=userpass ; Authentication type (default: "userpass")
;nonce_lifetime=32 ; Lifetime of a nonce associated with this
; authentication config (default: "32")
@ -947,9 +961,9 @@
; From header username will be set to this value if
; there is no better option (such as CallerID or
; endpoint/from_user) to be used
;default_realm=asterisk ; When Asterisk generates a challenge, the realm will be
; set to this value if there is no better option (such as
; auth/realm) to be used
;default_realm=asterisk ; When Asterisk generates a challenge, the digest realm
; will be set to this value if there is no better option
; (such as auth/realm) to be used.
; Asterisk Task Processor Queue Size
; On heavy loaded system with DB storage you may need to increase

51
res/res_pjsip.c
Unescape View File

@ -112,9 +112,15 @@
This is a comma-delimited list of <replaceable>auth</replaceable> sections defined
in <filename>pjsip.conf</filename> to be used to verify inbound connection attempts.
</para><para>
Endpoints without an <literal>authentication</literal> object
configured will allow connections without vertification.
</para></description>
Endpoints without an authentication object
configured will allow connections without verification.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="callerid">
<synopsis>CallerID information for the endpoint</synopsis>
@ -329,7 +335,18 @@
<synopsis>Default Music On Hold class</synopsis>
</configOption>
<configOption name="outbound_auth">
<synopsis>Authentication object used for outbound requests</synopsis>
<synopsis>Authentication object(s) used for outbound requests</synopsis>
<description><para>
This is a comma-delimited list of <replaceable>auth</replaceable>
sections defined in <filename>pjsip.conf</filename> used to respond
to outbound connection authentication challenges.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy">
<synopsis>Proxy through which to send requests, a full SIP URI must be provided</synopsis>
@ -961,8 +978,30 @@
<synopsis>PlainText password used for authentication.</synopsis>
<description><para>Only used when auth_type is <literal>userpass</literal>.</para></description>
</configOption>
<configOption name="realm" default="asterisk">
<configOption name="realm">
<synopsis>SIP realm for endpoint</synopsis>
<description><para>
The treatment of this value depends upon how the authentication
object is used.
</para><para>
When used as an inbound authentication object, the realm is sent
as part of the challenge so the peer can know which key to use
when responding. An empty value will use the
<replaceable>global</replaceable> section's
<literal>default_realm</literal> value when issuing a challenge.
</para><para>
When used as an outbound authentication object, the realm is
matched with the received challenge realm to determine which
authentication object to use when responding to the challenge. An
empty value matches any challenging realm when determining
which authentication object matches a received challenge.
</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses.</para></note>
</description>
</configOption>
<configOption name="type">
<synopsis>Must be 'auth'</synopsis>
@ -1506,7 +1545,7 @@
used.</synopsis>
</configOption>
<configOption name="default_realm" default="asterisk">
<synopsis>When Asterisk generates an challenge, the digest will be
<synopsis>When Asterisk generates a challenge, the digest realm will be
set to this value if there is no better option (such as auth/realm) to be
used.</synopsis>
</configOption>

13
res/res_pjsip_outbound_publish.c
Unescape View File

@ -54,7 +54,18 @@
<synopsis>Expiration time for publications in seconds</synopsis>
</configOption>
<configOption name="outbound_auth" default="">
<synopsis>Authentication object to be used for outbound publishes.</synopsis>
<synopsis>Authentication object(s) to be used for outbound publishes.</synopsis>
<description><para>
This is a comma-delimited list of <replaceable>auth</replaceable>
sections defined in <filename>pjsip.conf</filename> used to respond
to outbound authentication challenges.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy" default="">
<synopsis>SIP URI of the outbound proxy used to send publishes</synopsis>

13
res/res_pjsip_outbound_registration.c
Unescape View File

@ -82,7 +82,18 @@
<synopsis>Maximum number of registration attempts.</synopsis>
</configOption>
<configOption name="outbound_auth" default="">
<synopsis>Authentication object to be used for outbound registrations.</synopsis>
<synopsis>Authentication object(s) to be used for outbound registrations.</synopsis>
<description><para>
This is a comma-delimited list of <replaceable>auth</replaceable>
sections defined in <filename>pjsip.conf</filename> used to respond
to outbound authentication challenges.</para>
<note><para>
Using the same auth section for inbound and outbound
authentication is not recommended. There is a difference in
meaning for an empty realm setting between inbound and outbound
authentication uses. See the auth realm description for details.
</para></note>
</description>
</configOption>
<configOption name="outbound_proxy" default="">
<synopsis>Outbound Proxy used to send registrations</synopsis>

Write Preview
Loading…
Cancel
Save