Re: authentication scheme to share password between bozohttpd and asterisk

[Pierre-Philipp Braun <pbraun%nethence.com@localhost>]

> Whenever I open up use of sip/webrtc to users, as far as possible I don't
> want them to be bothered with yet another password and preferably not even
> ask to enter the same password when using the webrtc app.

How is authentication handled on Asterisk's side?  And if that's WebRTC, could a reverse proxy take care of it in the middle?

A original way to approach the problem would be to go for something even better -- I think -- than SSO, namely plain and simple PKI.  You setup a private CA, sign a few client certificates, deliver those to your users' workstations, and they won't have to bother with passwords anymore, while being authenticated by that client certificate.

Bozohttpd seems to support SSL but probably only for the server side.  I hope you did enable SSL by the way, since Basic HTTP auth sends the password in clear, no matter what hash function you're using to store the passwords.  Digest would be preferred, if supported.

In any case, one could consider using the same SSL engine + PKI authentication end-point + reverse-proxy for both Asterisk and HTTP.  You will need hardware accelerated SSL to handle 15+ users at once, esp. for video streams.

Besides, I've had good experiences with Jitsi Meet which is essentially providing video conferencing facilities, I don't know however how hard it would be to package it for NetBSD.

--
Pierre-Philipp