LT-Cred-Mech with Redis and no keys

188 views
Skip to first unread message

Derrick Hinkle

unread,
Jun 26, 2014, 2:47:19 PM6/26/14
to turn-server-project...@googlegroups.com
I'm having trouble using redis as the user database with the longterm credential mechanism and plain passwords. Is it a strict requirement for me to also set keys? Specifically, COTURN is giving me:

Jun 26 18:18:55 newton turnserver: 38: session 000000000000000001: realm <XXXXX> user <cf151d93>: incoming packet message processed, error 401: Unauthorised
Jun 26 18:18:55 newton turnserver: 38: check_stun_auth: Cannot find credentials of user <cf151d93>

Background:
I have an external service running which is adding auto-expiring credentials to redis for clients to use. The TURN credentials are short lived (a few hours) and highly variable. Currently, my program just generates and inserts them without using turnadmin to generate a key at all.  Using the turnutils_uclient, I can't seem to authenticate. I can confirm that the credentials exist in the redis database, and it seems like coturn is successfully connected to redis.  For each user, I'm adding a single key/value, of the format

turn/realm/XXXXX/user/cf151d93/password 9406d2

If possible, I'd significantly prefer to avoid having to use the turnadmin to generate keys, as redis in this case is highly restricted and credentials are short-lived. 

Derrick Hinkle

unread,
Jun 26, 2014, 3:22:30 PM6/26/14
to turn-server-project...@googlegroups.com
I resolved this, I had mis-set my configuration. For those with similar problems:

1. Yes, you can just use plaintext passwords in redis. No need for keys if you don't want.
2. COTURN will let you set redis-userdb twice without warning, and only use the second argument. 

Oleg Moskalenko

unread,
Jun 26, 2014, 4:08:08 PM6/26/14
to Derrick Hinkle, turn-server-project...@googlegroups.com
Yes, it is using the last argument of a particular type.


--
You received this message because you are subscribed to the Google Groups "TURN Server (Open-Source project)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To post to this group, send email to turn-server-project...@googlegroups.com.
Visit this group at http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages