...
Only used when auth_type is md5. As an alternative to specifying a plain text password, you can hash the username, realm and password together one time and place the hash value here. The input to the hash function must be in the following format:
<username>:<realm>:<password>
For incoming authentication (asterisk is the server), the realm must match either the realm set in this object or the default_realm set in in the global object.
For outgoing authentication (asterisk is the client), the realm must match what the server will be sending in their WWW-Authenticate header. It can't be blank unless you expect the server to be sending a blank realm in the header. You can generate the hash with the following shell command:
$ echo -n "myname:myrealm:mypassword" | md5sum
Note the '-n'. You don't want a newline to be part of the hash.
| Anchor | ||||
|---|---|---|---|---|
|
...
| Anchor | ||||
|---|---|---|---|---|
|
realm
The treatment of this value depends upon how the authentication object is used.
When used as an inbound authentication object, the realm is sent as part of the challenge so the peer can know which key to use when responding. An empty value will use the global sectionFor incoming authentication (asterisk is the server), this is the realm to be sent on WWW-Authenticate headers. If not specified, the global object's default_realm value when issuing a challenge.When used as an outbound authentication object, the realm is matched with the received challenge realm to determine which authentication object to use when responding to the challenge. An empty value matches any challenging realm when determining which authentication object matches a received challenge will be used.
For outgoing authentication (asterisk is the client), this must either be the realm the server is expected to send, or blank to automatically use the realm sent by the server. If you have multiple auth object for an endpoint, the realm is also used to match the auth object to the realm the server sent.
| Info | ||
|---|---|---|
| ||
Using the same auth section for inbound and outbound authentication is not recommended. There is a difference in meaning for an empty realm setting between inbound and outbound authentication uses. |
...
Option Name | Type | Default Value | Regular Expression | Description |
|---|---|---|---|---|
| | | | Value used in Max-Forwards header for SIP requests. |
| | | | The interval (in seconds) to send keepalives to active connection-oriented transports. |
| | | | The interval (in seconds) to check for expired contacts. |
| | | Disable Multi Domain support | |
| | | | The maximum amount of time from startup that qualifies should be attempted on all contacts. If greater than the qualify_frequency for an aor, qualify_frequency will be used instead. |
| | | The number of seconds over which to accumulate unidentified requests. | |
| | | The number of unidentified requests from a single IP to allow. | |
| | | | The interval at which unidentified requests are older than twice the unidentified_request_period are pruned. |
| |
| | Must be of type 'global' UNLESS the object name is 'global'. |
| | | | Value used in User-Agent header for SIP requests and Server header for SIP responses. |
| |
| | When set, Asterisk will dynamically create and destroy a NoOp priority 1 extension for a given peer who registers or unregisters with us. |
| | | | Endpoint to use when sending an outbound request to a URI without a specified endpoint. |
| |
| | The voicemail extension to send in the NOTIFY Message-Account header if not specified on endpoint or aor |
| | | | Enable/Disable SIP debug logging. Valid options include yes, no, or a host address |
| | | The order by which endpoint identifiers are processed and checked. Identifier names are usually derived from and can be found in the endpoint identifier module itself (res_pjsip_endpoint_identifier_*). You can use the CLI command "pjsip show identifiers" to see the identifiers currently available. | |
| | | | When Asterisk generates an outgoing SIP request, the From header username will be set to this value if there is no better option (such as CallerID) to be used. |
| | | | When Asterisk generates a challenge, the digest realm will be set to this value if there is no better option (such as auth/realm) to be used. |
| | | MWI taskprocessor high water alert trigger level. | |
| | | MWI taskprocessor low water clear alert level. | |
| | | Enable/Disable sending unsolicited MWI to all endpoints on startup. | |
| | | Enable/Disable ignoring SIP URI user field options. | |
| | | Place caller-id information into Contact header | |
| | | | Enable sending AMI ContactStatus event when a device refreshes its registration. |
| | | Trigger scope for taskprocessor overloads | |
| | | | Advertise support for RFC4488 REFER subscription suppression |
...
This documentation was imported from Asterisk Version GIT-16-a4a63db5ace782