Login
Wiki HomeDescription
Authenticate a user with a dialed passcodeSynopsis
Authenticate(password[|options]])Authenticate(/passwdfile|[|options]])
Authenticate(/db-keyfamily|d[options]])
Options
A string of options may be provided by concatenating any of the following letters:- a - Set account code to the password that is entered. The password will be stored in the CDR field "accountcode" and the channel variable ${ACCOUNTCODE} will be set.
- d - Interpret path as database key family
- j - jump to priority n+101 if the authentication fails and that priority exists
- m - Interpret the given path as a file which contains a list of account codes and password hashes delimited with ':', listed one per line in the file. When one of the passwords is matched, the channel will have its account code set to the corresponding account code in the file.
- r - Remove database key upon successful entry (only applicable with 'd' option)
NOTE: The 'm' option does not set the account code unless the 'a' option is specified as well.
NOTE: When using the 'm' option, make sure that you don't create the hash with the number you want and a new line character you don't!
The application requires a user to enter a password in order to continue execution.
If the first argument of the Authenticate application begins with the '/' character, it is interpreted as a file that contains a list of acceptable passwords (one password per line). Usernames or channels cannot be specified in the password file.
If the options string contains the 'd' option, then the first argument represents a database key family, with the key being the password to be matched.
i.e.:
/FEATURE/1234 = anystring.
Here FEATURE is the key family and '1234' (the key) is the password to be matched.
The value associated with the key can be any string.
NOTE: This design is totally counterintuitive to common sense, it should have been designed as /FEATURE/TYPE = password, so that a password can be retrieved from the database when having a key (and not the password), or can be deleted without also deleting the family or tree (dbdeltree)
(counterintuitive, yes, but absolutely necessary. This is the only way to allow multiple passwords to be stored, and remove each upon use with the r option.)
See also
- Asterisk billing
- Asterisk password files
- Asterisk authenticate using voicemail passwords
- Asterisk cmd VMAuthenticate
Page Changes
New CDR Dialplan Function
Re: Alternative
I want to use authcode for IDD dailing can anyone help me in configuring it authcode will be of 4 digit followed by # and it will be dialed once user finish dialing IDD number system should prompt for Authcoce and once user dial authcode it connect to the IDD each user will use its individual Authcode
J option is broken in Authenticate...
When I dial from outside inwards from my cellphone, the system identifies me and asks for authentication in order to give me access to DISA and throw me in my context "walter"with no password. But instead of throwing me in "default"context when I input the wrong password (priority n+101) it gives me access to DISA sameway..!?
default
include => rede-int
exten => s/13188628800,1,Answer()
exten => s/13188628800,n,Set(TIMEOUT(digit)=5)
exten => s/13188628800,n,Set(TIMEOUT(response)=10)
exten => s/13188628800,n,Authenticate(123456|j) ; <---this "j"option should jump to priority n+101 whenever authetication fails. It does not happen though.
exten => s/13188628800,n,DISA(no-password|walter)
exten => s/13188628800,n+101,Goto(default,s,1)
exten => s,1,NoOp(Numero entrante:${CALLERIDNUM})
exten => s,n,Set(CALLERID(num)=${CALLERIDNUM:-10})
exten => s,n,NoOp(Novo numero:${CALLERIDNUM})
exten => s,n,Set(VAR = 1)
exten => s,n,Ringing(1)
exten => s,n,Answer()
exten => s,n(menu),Background(menu-bemvindo-res)
exten => s,n,Waitexten(5|m)
Any comments or fixes?
thanks,
Walter R Filho
strings?
Authenticate(mypassword) ; password is: 6972779673
Re: Passwords are exposed in reports
In my example i have changed it a bit since posting
one of the changes was the account code part
exten => 567,3,DBget(passkey=auth_user/${CALLERIDNUM})
exten => 567,4,Authenticate(${passkey})
exten => 567,5,SetAccount(${CALLERIDNUM})
what this now does is put in the caller id number as an acount code which also means that this account gets its own CDR records.
Database usage
Here is an example of how it has to work:
;;First, set the pin code by calling this macro
[macro-myapplication_pin]]
...
exten = s,10,setvar(feature=myfeature)
exten = s,11,setvar(pin=1234)
...
exten = s,20,DBput(APP-AUTH-${feature}/${pin}=TRUE)
...
;; Now call this macro to authenticate my application
[macro-myapplication_auth]]
;; Authenticate the user of an application
;; ARG1 = application feature
exten = s,1,setvar(feature=${ARG1})
exten = s,2,answer
exten = s,3,wait(1)
exten = s,4,authenticate(/APP-AUTH-${feature}|da)
exten = s,5,playback(feature/welcome)
exten = s,6,playback(feature/${feature})
exten = s,7,my_application(${feature})
exten = s,8,playback(vm-goodbye)
exten = s,9,hangup
Passwords are exposed in reports
Authenticate using CLI and password
Here is a simple method of authenticating users, This will work for internal and external as long as the have cli. first you need to create a database family
for example:- database put auth_user 123456 1234
will create a user whose cli must be 123456 and password is 1234
Then ad something similar to you extensions.conf
;password system
exten => 567,1,Answer ; Answer the line
exten => 567,2,Background,Welcome-to-test
exten => 567,3,DBget(passkey=auth_user/${CALLERIDNUM})
exten => 567,4,Authenticate(${passkey}|a)
exten => 567,5,SetAccount(${passkey})
exten => 567,6,WaitMusicOnHold(60)
It will be very simple to set up the system so users can change passwords themselves from their phone as well as you to add users from yours.
As this is only an example it will just play MOH.
enjoy
Re: Need to access the password after authentication
Need to access the password after authentication