We support a largish set of diverse users, like a lot of people I’m sure. We have asterisk setup and we were working on ways of automatically populating users.conf to create sip/iax extensions/accounts for our users. What we’ve run into is that there doesn’t seem to be any nice/safe way of storing/changing those passwords. What we’d like to be able to do is treat asterisk just like the other services we host. Therefore if a user has an account in the system account databases (nis or ldap or krb or just pam_based auth) then they can attach to our asterisk server and be contacted or contact other users.
Think of asterisk like a voice-based instant messaging service for this point.
Now, what we would like to be able to do is any of the following:
- setup a generic configuration in users.conf that expands to all system users - so anyone with an account that auths through pam can attach.
- setup individual user configurations in users.conf and set where they go to auth, something like auth_type=pam
- setup individual user configurations in users.conf and have the secret entries in that file be encrypted in some fashion like you would get in an /etc/shadow file.
I’ve done some googling about this subject and I’ve found that some folks have worked on doing something like this for radius authentication and ldap authentication. I’m going to play with those patches some and figure out if those are workable, though at the moment they don’t seem like they’ll work for our needs. However, I was hoping there were other related things on the horizon or already available that would make setting up accounts for asterisk that much easier. Ideally, I’d love to be able to work up an asterisk rpm that, once installed, automatically allowed any system user to connect and have an account. That would make sip or iax based access extremely trivial to configure (like jabber or email accounts) and maybe even more ubiquitous.