Re: authentication scheme to share password between bozohttpd and asterisk

[Mayuresh <mayuresh%acm.org@localhost>]

On Tue, Apr 28, 2020 at 06:20:44PM +0300, Pierre-Philipp Braun wrote:
> How is authentication handled on Asterisk's side?  And if that's WebRTC,
> could a reverse proxy take care of it in the middle?

Not sure, does it mean modifying with asterisk's webrtc server?

> A original way to approach the problem would be to go for something even
> better -- I think -- than SSO, namely plain and simple PKI.  You setup a
> private CA, sign a few client certificates, deliver those to your users'
> workstations, and they won't have to bother with passwords anymore,
> while being authenticated by that client certificate.

Yes, quite convenient, not sure if bozohttpd supports.

Also, I am doing this for largely non-tech users, though. Have to see
whether it will be easy enough to administer installation of certificates
at their end.

> Bozohttpd seems to support SSL but probably only for the server side.  I
> hope you did enable SSL by the way, since Basic HTTP auth sends the
> password in clear, no matter what hash function you're using to store
> the passwords.  Digest would be preferred, if supported.

Yes, taken care of using SSL when using basic auth.

> Besides, I've had good experiences with Jitsi Meet which is essentially
> providing video conferencing facilities, I don't know however how hard
> it would be to package it for NetBSD.

Yes, my server runs NetBSD, so it may have to start with a wip project...

But I am curious about the following line in the documentation. Asterisk
works pretty well with NAT with the client using STUN. Is that not the
case with Jitsi?

https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
  "Jitsi Videobridge can run behind a NAT, provided that both required
  ports are routed (forwarded) to the machine that it runs on. By default
  these ports are TCP/4443 and UDP/10000"

Besides, dialplan etc in asterisk are quite flexible. Not sure whether
jitsi has.

Mayuresh