updated knowledge on authentication issue
parent
eff955eb23
commit
52d59f187c
1 changed files with 35 additions and 6 deletions
|
@ -1,5 +1,6 @@
|
|||
# location of example configuration
|
||||
## https://github.com/coturn/coturn/blob/master/docker/coturn/
|
||||
## https://github.com/coturn/coturn/blob/master/README.turnserver - Line 666 for TURN REST API
|
||||
|
||||
listening-port=3478
|
||||
tls-listening-port=5349
|
||||
|
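Review bot: The added reference "README.turnserver - Line 666 for TURN REST API" points at a line number on the master branch, which will stop matching as soon as that file changes upstream. Refer to the section by name, or pin the URL to a tag or commit, so the pointer stays valid for the next person who reads this config.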
@ -13,7 +14,7 @@ total-quota=100
|
|||
bps-capacity=0
|
||||
no-udp #??
|
||||
no-tcp #??
|
||||
# stale-nonce=600 # Authentication Issue
|
||||
# stale-nonce=600 # Authentication Issue - when to force re-authentication in seconds
|
||||
cert=/etc/ssl/certs/stun.kuketz-meet_ecdsa.pem # same as jitsi?
|
||||
pkey=/etc/ssl/private/stun.kuketz-meet_ecdsa.key # same as jitsi?
|
||||
cipher-list="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
|
||||
|
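Review bot: `stale-nonce=600` is still commented out after this change, so the expanded comment documents a setting this file does not enable. If the limited nonce lifetime is wanted, uncomment the line; if it is left off on purpose, say so in the comment. The "Authentication Issue" label would also be easier to act on if it stated what the issue is.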
@ -29,10 +30,38 @@ no-tlsv1
|
|||
no-tlsv1_1
|
||||
|
||||
# Authentication Issue -> restrict access to only jitsi server ?
|
||||
## 1 use-auth-secret?
|
||||
## 2 if yes: what secret to define
|
||||
## 3 reauthentication only possible with auth-secret
|
||||
## There seems to be a userdb file for authentication
|
||||
## Authentication mechanisms:
|
||||
## no-auth [default] - allows anonymous access
|
||||
## lt-cred-mech - long time credential mechanism, do not use with use-auth-secret
|
||||
## oauth - sets the possibility for oAuth
|
||||
## server-name= - sets the server name which is used for oAuth
|
||||
|
||||
## [define a user in config (this file), command line, or userdb file] - sets lt-cred-mech as default
|
||||
### user=username1:key1
|
||||
### or
|
||||
### user=username1:password1
|
||||
### Keys must be generated by turnadmin utility. The key value depends
|
||||
### on user name, realm, and password:
|
||||
###
|
||||
### Example:
|
||||
### $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
### Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||
### ('0x' in the beginning of the key is what differentiates the key from
|
||||
### password. If it has 0x then it is a key, otherwise it is a password).
|
||||
###
|
||||
### The corresponding user account entry in the config file will be:
|
||||
###
|
||||
### user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||
### Or, equivalently, with open clear password (less secure):
|
||||
### user=ninefingers:youhavetoberealistic
|
||||
|
||||
## use-auth-secret - sets the TURN REST API flag
|
||||
### This option is used with timestamp:
|
||||
### usercombo -> "timestamp:userid"
|
||||
### turn user -> usercombo
|
||||
### turn password -> base64(hmac(secret key, usercombo))
|
||||
|
||||
## we can use a database for storing users and secrets for the TURN REST API
|
||||
|
||||
# CLI Security
|
||||
## do we want a password?
|
||||
|
|
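Review bot: Every line added in this hunk is a comment, so no authentication mechanism is enabled, and by the hunk's own note "no-auth [default] - allows anonymous access" the relay stays open to anonymous use. Since the stated goal is "restrict access to only jitsi server", resolve questions 1 to 3 in this file: enable `use-auth-secret` with a secret shared only with the Jitsi server (coturn's `static-auth-secret=` option), and keep the secret value out of the repository. Do not combine it with a `user=` entry, because the notes themselves say that defining a user makes lt-cred-mech the default and that lt-cred-mech must not be used with use-auth-secret. Minor: "long time credential mechanism" should read "long-term", and the "CLI Security" question at the end is left unanswered.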