Synopsis

Authenticate a user with a dialed passcode

Syntax

1.4-

1.6+

Authenticate(password[,options[,maxdigits]])
Authenticate(/passwdfile|[,options[,maxdigits]])
Authenticate(/db-keyfamily,d[options[,maxdigits]])

Options

A string of options may be provided by concatenating any of the following letters:

a - Set account code to the password that is entered. The password will be stored in the CDR field "accountcode" and the channel variable ${ACCOUNTCODE} will be set.
d - Interpret path as database key family
j - jump to priority n+101 if the authentication fails and that priority exists (1.4-, 1.6+)
m - Interpret the given path as a file which contains a list of account codes and password hashes delimited with ':', listed one per line in the file. When one of the passwords is matched, the channel will have its account code set to the corresponding account code in the file.
r - Remove database key upon successful entry (only applicable with 'd' option)
maxdigits - maximum acceptable number of digits. Stops reading after maxdigits have been entered (without requiring the user to press the '#' key). Defaults to 0 - no limit - wait for the user press the '#' key.

NOTE: The 'm' option does not set the account code unless the 'a' option is specified as well.
NOTE: When using the 'm' option, make sure that you don't create the hash with the number you want and a new line character you don't!

Description

The application requires a user to enter a password in order to continue execution.

If the first argument of the Authenticate application begins with the '/' character, it is interpreted as a file that contains a list of acceptable passwords (one password per line). Usernames or channels cannot be specified in the password file.

If the options string contains the 'd' option, then the first argument represents a database key family, with the key being the password to be matched.
i.e.:
/FEATURE/1234 = anystring.
Here FEATURE is the key family and '1234' (the key) is the password to be matched.
The value associated with the key can be any string.

NOTE: This design is totally counterintuitive to common sense, it should have been designed as /FEATURE/TYPE = password, so that a password can be retrieved from the database when having a key (and not the password), or can be deleted without also deleting the family or tree (dbdeltree)
(counterintuitive, yes, but absolutely necessary. This is the only way to allow multiple passwords to be stored, and remove each upon use with the r option.)

In Asterisk 1.4. and above access the channel variable ${ACCOUNTCODE} by using ${CDR(accountcode)}

Comments Filter
Messages	Style	Sort

Is very easy, the magic word in documentation is hashed password.
in extension conf:
  Authenticate(/etc/asterisk/passwd_code.txt,am);
in passwd_code.txt
  1234:d005ce7aeef46bd18515f783fb8e87fa
  1235:b8c4c8b2271787e2f78b5fe2ce193caa
  1236:8af141d3c5a5146a3eac9d166ab4c458
to hash a password you can use md5 -s
example
  # md5 -s "9993"
  MD5 ("9993") = 8af141d3c5a5146a3eac9d166ab4c458
where 9993 is the password to hash and 8af141d3c5a5146a3eac9d166ab4c458 is hashed password
copy paste in the password file

222

I had difficulty getting the |a option to work in authenticate. Turned out that in newer versions (mine is 1.4.4) the ${ACCOUNTCODE} variable has been deprecated for the new dialplan function CDR. Where one would previously use Set(Code=${ACCOUNTCODE}) should now use Set(Code=CDR(accountcode)). Hope this helps someone.

222

Hi,

I want to use authcode for IDD dailing can anyone help me in configuring it authcode will be of 4 digit followed by # and it will be dialed once user finish dialing IDD number system should prompt for Authcoce and once user dial authcode it connect to the IDD each user will use its individual Authcode

222

It seems that the "j" option is broken in Authenticate.
When I dial from outside inwards from my cellphone, the system identifies me and asks for authentication in order to give me access to DISA and throw me in my context "walter"with no password. But instead of throwing me in "default"context when I input the wrong password (priority n+101) it gives me access to DISA sameway..!?

default
include => rede-int

exten => s/13188628800,1,Answer()
exten => s/13188628800,n,Set(TIMEOUT(digit)=5)
exten => s/13188628800,n,Set(TIMEOUT(response)=10)
exten => s/13188628800,n,Authenticate(123456|j) ; <---this "j"option should jump to priority n+101 whenever authetication fails. It does not happen though.
exten => s/13188628800,n,DISA(no-password|walter)
exten => s/13188628800,n+101,Goto(default,s,1)

exten => s,1,NoOp(Numero entrante:${CALLERIDNUM})
exten => s,n,Set(CALLERID(num)=${CALLERIDNUM:-10})
exten => s,n,NoOp(Novo numero:${CALLERIDNUM})
exten => s,n,Set(VAR = 1)
exten => s,n,Ringing(1)
exten => s,n,Answer()
exten => s,n(menu),Background(menu-bemvindo-res)
exten => s,n,Waitexten(5|m)

Any comments or fixes?
thanks,
Walter R Filho

222

Is it possible to type in strings as opposed to numbers, and have Asterisk automatically do the conversion? I know I could do it manually, but for legibility purposes, it would be nice to have...

Authenticate(mypassword) ; password is: 6972779673

222

Hi
In my example i have changed it a bit since posting
one of the changes was the account code part

exten => 567,3,DBget(passkey=auth_user/${CALLERIDNUM})
exten => 567,4,Authenticate(${passkey})
exten => 567,5,SetAccount(${CALLERIDNUM})

what this now does is put in the caller id number as an acount code which also means that this account gets its own CDR records.

222

In database usage, the design of this command is totally counter-intuitive when storing the passcode to the database. Updated the documentation to reflect its true workings.
Here is an example of how it has to work:

;;First, set the pin code by calling this macro
[macro-myapplication_pin]]
...
exten = s,10,setvar(feature=myfeature)
exten = s,11,setvar(pin=1234)
...
exten = s,20,DBput(APP-AUTH-${feature}/${pin}=TRUE)
...

;; Now call this macro to authenticate my application

[macro-myapplication_auth]]
;; Authenticate the user of an application
;; ARG1 = application feature
exten = s,1,setvar(feature=${ARG1})
exten = s,2,answer
exten = s,3,wait(1)
exten = s,4,authenticate(/APP-AUTH-${feature}|da)
exten = s,5,playback(feature/welcome)
exten = s,6,playback(feature/${feature})
exten = s,7,my_application(${feature})
exten = s,8,playback(vm-goodbye)
exten = s,9,hangup

222

The problem with using the Authenticate command is that the password is exposed when I print reports for users. Is there a way to set an accountcode that identifies the user that is not the password?

222

Hi
Here is a simple method of authenticating users, This will work for internal and external as long as the have cli. first you need to create a database family
for example:- database put auth_user 123456 1234
will create a user whose cli must be 123456 and password is 1234

Then ad something similar to you extensions.conf

;password system

exten => 567,1,Answer ; Answer the line
exten => 567,2,Background,Welcome-to-test
exten => 567,3,DBget(passkey=auth_user/${CALLERIDNUM})
exten => 567,4,Authenticate(${passkey}|a)
exten => 567,5,SetAccount(${passkey})
exten => 567,6,WaitMusicOnHold(60)

It will be very simple to set up the system so users can change passwords themselves from their phone as well as you to add users from yours.

As this is only an example it will just play MOH.

enjoy

222

Sorry found it..its in accountcode if you use option .....a'

Page 1 of 2 »

voip-info.org

Asterisk cmd Authenticate

Synopsis

Syntax

1.4-

1.6+

Options

Description

See also

Comments

333Using de option m for Authenticate cmd

333New CDR Dialplan Function

333Re: Alternative

333J option is broken in Authenticate...

333strings?

333Re: Passwords are exposed in reports

333Database usage

333Passwords are exposed in reports

333Authenticate using CLI and password

333Re: Need to access the password after authentication

Ads

Last modif pages

Free

Ads

Server stats

Get Help

Google Ads