Digest authentication and perl authorization

Luciano Afranllie listas.luafran at gmail.com
Mon Jan 5 13:59:33 CET 2009


Hi,

I have a test deployment with a sip proxy (kamailio) and a back to
back user agent (sippy b2bua) pointing to freeradius.

SIP proxy is making digest authentication of users and that is working fine.

My plan is to use b2bua for prepaid calls authorization and call
dropping (sip proxy forward calls from prepaid users to b2bua) so, I
want b2bua to make just authorization of calls (this is, balance
check).

I am thinking in something like this:

- Radius client (b2bua) sends an access-request with Service_type =
"Authorize-Only"
- Adding perl module to authorization section.
- In authorize function of perl module check if the balance is enough
to make the call. if yes add an attribute to the reply with granted
credit time and return return RLM_MODULE_OK. If no, return
RLM_MODULE_REJECT.

My questions are: how is the best way of making authorization without
authentication?

- Should perl module set Auth-Type := Accept if the user is authorized?

- What should I need to add in the users file for this to work,
something like this?

DEFAULT Auth-Type := Accept, Service-Type == "Authorize-Only"


Thanks for your time.

Regards
Luciano



More information about the Freeradius-Users mailing list