[Pkg-voip-commits] [resiprocate] 04/14: Add new reTurnServer.config parameters

Daniel Pocock pocock at moszumanska.debian.org
Sun Jan 12 10:44:37 UTC 2014 

This is an automated email from the git hooks/post-receive script.

pocock pushed a commit to branch master
in repository resiprocate.

commit 313852f524f1243943c4147555c363e65906572c
Author: Daniel Pocock <daniel at pocock.com.au>
Date:   Sun Jan 12 09:08:33 2014 +0100

    Add new reTurnServer.config parameters
---
 debian/conf/reTurnServer.config | 76 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 3 deletions(-)

diff --git a/debian/conf/reTurnServer.config b/debian/conf/reTurnServer.config
index 6e7b5b3..23f4a57 100644
--- a/debian/conf/reTurnServer.config
+++ b/debian/conf/reTurnServer.config
@@ -2,6 +2,20 @@
 # reTurnServer configuration file
 ########################################################
 
+# Software name to include in STUN messages
+# Set this to an empty string to reveal no software
+# name information in STUN messages.
+# Default: reTURNServer (RFC5389)
+# The default also includes the software version on
+# those platforms where PACKAGE_VERSION is defined
+# at compile time.
+#SoftwareName =
+
+# Whether or not to pad the SoftwareName value to
+# a multiple of four bytes for compatibility with
+# legacy clients.  Default: true
+#PadSoftwareName = true
+
 ########################################################
 # Transport settings
 ########################################################
@@ -116,6 +130,49 @@ AuthenticationRealm = reTurn
 #
 UserDatabaseFile = /etc/reTurnServer-users.txt
 
+# Hashed passwords in the user database file
+# This option specifies whether the passwords are plain text
+# or hashed with the scheme H(A1)
+#
+# When hashed passwords are enabled by this configuration setting,
+# the values in the password column are the MD5 hash 
+# represented in hexadecimal
+#
+# To create a hashed password for the following credentials:
+#
+#      user:       bob
+#      realm:      example.org
+#      password:   foobar
+#
+# you can issue a command such as:
+#
+#      echo -n bob:example.org:foobar | md5sum
+#
+# WARNING: the hashing scheme prevents recovery of the plain text
+# password.  However, H(A1) hash values must still be kept
+# secret as they can be used to impersonate the user.
+# Therefore, the user database file should always be readable
+# only by the reTurn process and no other regular users.
+#
+UserDatabaseHashedPasswords = false
+
+# How frequently to check the user database file for changes
+# Set to 0 to only load the file once at startup
+# Default = 60 seconds
+UserDatabaseCheckInterval = 60
+
+# A common error involves leaving AuthenticationRealm at its
+# default value but using some other realm name in the
+# file specified by UserDatabaseFile
+# By default, reTurn will now refuse to run unless at least
+# one user is defined for the realm specified by the parameter
+# AuthenticationRealm
+#
+# However, if you are not using TURN and only require STUN,
+# no valid users are necessary so you can force reTurn to
+# run without users by setting RunWithoutValidUsers
+#
+RunWithoutValidUsers = false
 
 ########################################################
 # TURN Allocation settings
@@ -153,12 +210,25 @@ MaxAllocationLifetime = 3600
 ########################################################
 
 # TLS Server Certificate Filename (loaded from working directory)
-# The PEM formated file that contains the private and public
-# key of the certificate that will be presented to clients
-# connecting over TLS.
+# The PEM formated file that contains the server certificate.
+# If the CA supplieds an intermediate certificate chain, those
+# certificates should also be appened to this file.
+# The private key may optionally be included in this file
+# or in a separate key file specified by TlsServerPrivateKeyFilename
 TlsServerCertificateFilename = server.pem
 
+# TLS Server Private Key Filename (loaded from working directory)
+# The PEM formated file that contains the private key of the certificate
+# that will be presented to clients connecting over TLS.
+# If not specified, reTurn will also try to find the private key
+# in the file specified by TlsServerCertificateFilename
+TlsServerPrivateKeyFilename = server-key.pem
+
 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
+# Can be generated with the command:
+#
+#     openssl dhparam -outform PEM -out dh512.pem 512
+#
 TlsTempDhFilename = dh512.pem
 
 # TLS server private key certificate password required to read

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/resiprocate.git

More information about the Pkg-voip-commits mailing list