Re: authentication scheme to share password between bozohttpd and asterisk

On Tue, Apr 28, 2020 at 06:20:44PM +0300, Pierre-Philipp Braun wrote:
> How is authentication handled on Asterisk's side?  And if that's WebRTC,
> could a reverse proxy take care of it in the middle?

Not sure, does it mean modifying with asterisk's webrtc server?

> An original way to approach the problem would be to go for something even
> better -- I think -- than SSO, namely plain and simple PKI.  You set up a
> private CA, sign a few client certificates, deliver those to your users'
> workstations, and they won't have to bother with passwords anymore,
> while being authenticated by that client certificate.

Yes, quite convenient, not sure if bozohttpd supports it.

Also, I am doing this for largely non-tech users, though. Have to see
whether it will be easy enough to administer installation of certificates
at their end.

> Bozohttpd seems to support SSL but probably only for the server side.  I
> hope you did enable SSL by the way, since Basic HTTP auth sends the
> password in clear, no matter what hash function you're using to store
> the passwords.  Digest would be preferred, if supported.

Yes, taken care of using SSL when using basic auth.

> Besides, I've had good experiences with Jitsi Meet which is essentially
> providing video conferencing facilities, I don't know however how hard
> it would be to package it for NetBSD.

Yes, my server runs NetBSD, so it may have to start with a wip project...

But I am curious about the following line in the documentation. Asterisk
works pretty well with NAT with the client using STUN. Is that not the
case with Jitsi?
  "Jitsi Videobridge can run behind a NAT, provided that both required
  ports are routed (forwarded) to the machine that it runs on. By default
  these ports are TCP/4443 and UDP/10000"

Besides, dialplan etc. in Asterisk are quite flexible. Not sure whether
Jitsi has that.
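
Added example, not part of the original message and not code from bozohttpd or Asterisk: a Python sketch of the point quoted above, that Basic auth carries the password itself on the wire whatever hash the server stores, while Digest (RFC 2617, qop=auth) sends only a nonce-bound MD5 response. The user names, realm and nonce values are the sample values from the RFCs, not values from this thread.

```python
import base64
import hashlib
import hmac

def basic_header(user, password):
    """Build the Authorization header value a client sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_from_basic(header):
    """What anyone who sees the header without TLS gets: the password itself."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    """The value a Digest server has to store: MD5(user:realm:password)."""
    return _md5(f"{user}:{realm}:{password}")

def digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response; only this hash crosses the wire, bound to the nonce."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_ha1, method, uri, nonce, nc, cnonce, client_response):
    """Server side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, client_response)

if __name__ == "__main__":
    # Sample credentials from the RFC examples, not from the thread.
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", recover_from_basic(hdr))
    h = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
    resp = digest_response(h, "GET", "/dir/index.html", nonce, "00000001", "0a4f113b")
    print("Digest response:", resp)
    print("verified:", server_verify(h, "GET", "/dir/index.html", nonce,
                                     "00000001", "0a4f113b", resp))
```

Digest needs the server to keep the HA1 value (or the password) rather than an arbitrary salted hash, so the choice of password store and the choice of auth scheme are linked.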


