asterisk users - Jan 2015 - Confused by concepts behind pjsip: endpoint, aor, contact

Joshua,


On Sun, Jan 4, 2015 at 6:39 PM, Joshua Colp <jcolp at digium.com> wrote:

[..snip..]

>  Also I notice, an AOR does seem do be directly correlated with an auth
>> record, so why are
>> they separate in the configuration, why not unify the aor and the auth
>> objects?
>>
>
> They aren't at all. Auth = Authentication. Used to authenticate
incoming
> calls/registrations/other stuff, or used to authenticate outgoing things.
> They are NOT the same. AOR is a name for reaching something.
>

I did not mean they are the same, I meant that there seems to be a
one-to-one relationship.

So I am wondering, since the auth does seem useless without an aor, but an
aor
can exist without an auth, why was the auth object created in the first
place,
instead of extending the aor object with username/password/etc fields?

I think auth's only use would be when all the aor's would register using
the exact
same credentials, and even then it would only save a small amount.

But I bet you're now going to say, those small amounts are going to add up..

Antonio


> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - US
> Check us out at: www.digium.com & www.asterisk.org
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20150104/cf5fac90/attachment.html>

Antonio G?mez Soto wrote:

<snip>
>
> I did not mean they are the same, I meant that there seems to be a
> one-to-one relationship.
>
> So I am wondering, since the auth does seem useless without an aor, but
> an aor
> can exist without an auth, why was the auth object created in the first
> place,
> instead of extending the aor object with username/password/etc fields?
Auth is useless on its own but is used by many things - in fact it's not 
even used directly by an AOR. It's configured on an endpoint to do 
authentication of inbound traffic from that endpoint. It's also used by 
outbound registration and outbound publish in response to challenges.

While it would be possible to combine them you've now got duplicated 
stuff across different configuration items, both for configuration and 
also from an implementation perspective. As it is done right now *all* 
of the authentication is the same code for everything and there is no 
duplication. Fix a bug in it and you fix it for everything.
>
> I think auth's only use would be when all the aor's would register
using
> the exact
> same credentials, and even then it would only save a small amount.
I don't understand what you mean.
>
> But I bet you're now going to say, those small amounts are going to add
up..

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

On Sun, Jan 4, 2015 at 8:48 PM, Joshua Colp <jcolp at digium.com> wrote:
> Antonio G?mez Soto wrote:
>
> <snip>
>
>
>> I did not mean they are the same, I meant that there seems to be a
>> one-to-one relationship.
>>
>> So I am wondering, since the auth does seem useless without an aor, but
>> an aor
>> can exist without an auth, why was the auth object created in the first
>> place,
>> instead of extending the aor object with username/password/etc fields?
>>
>
> Auth is useless on its own but is used by many things - in fact it's
not
> even used directly by an AOR. It's configured on an endpoint to do
> authentication of inbound traffic from that endpoint. It's also used by
> outbound registration and outbound publish in response to challenges.
>
>
Ok, thank you. One final question:

I see that it's possible to have multiple auth's in an endpoint. For
incoming traffic to be
authenticated, how does pjsip know which auth to consider? By looking at
the From: address
in the SIP header, and matching that up with the auth id?
For example if the From: header is <10000 at 10.172.0.2>, will it find the
AOR
from the IP
address, and the auth from the '10000' ?

Antonio


> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - US
> Check us out at: www.digium.com & www.asterisk.org
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20150104/9b94413a/attachment.html>