docs fixes.
parent
9ddf00a4c2
commit
55eb21b5b7
63
INSTALL
@ -706,6 +706,15 @@ CREATE TABLE turnusers_lt (
|
||||
PRIMARY KEY (realm,name)
|
||||
);
|
||||
|
||||
The field hmackey contains HEX string representation of the key.
|
||||
We do not store the user open passwords for long-term credentials, for security reasons.
|
||||
Storing only the HMAC key has its own implications - if you change the realm,
|
||||
you will have to update the HMAC keys of all users, because the realm is
|
||||
used for the HMAC key generation.
|
||||
|
||||
The key must be 32 characters (HEX representation of 16 bytes) for SHA1,
|
||||
or 64 characters (HEX representation of 32 bytes) for SHA256.
|
||||
|
||||
# Table for short-term credentials mechanism authorisation:
|
||||
#
|
||||
CREATE TABLE turnusers_st (
|
||||
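Review bot: the key-length sentence in the added paragraph, "32 characters (HEX representation of 16 bytes) for SHA1", reads as if it describes a SHA-1 digest, which is 20 bytes; say explicitly that the length is that of the stored hmackey value and not of the hash output. The paragraph also says the realm is used for the key generation but not how to regenerate the keys after a realm change; a pointer to turnadmin, which this file already names as the tool that produces the hmac keys, would close that gap. "user open passwords" would be clearer as "plaintext passwords".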
@ -760,19 +769,10 @@ CREATE TABLE turn_realm_option (
|
||||
primary key (realm,opt)
|
||||
);
|
||||
|
||||
The field hmackey contains HEX string representation of the key.
|
||||
We do not store the user open passwords for long-term credentials, for security reasons.
|
||||
Storing only the HMAC key has its own implications - if you change the realm,
|
||||
you will have to update the HMAC keys of all users, because the realm is
|
||||
used for the HMAC key generation.
|
||||
|
||||
The key must be 32 characters (HEX representation of 16 bytes) for SHA1,
|
||||
or 64 characters (HEX representation of 32 bytes) for SHA256.
|
||||
|
||||
# oAuth key storage table.
|
||||
#
|
||||
CREATE TABLE oauth_key (
|
||||
kid varchar(128),
|
||||
kid varchar(128), /*
|
||||
ikm_key varchar(256) default '',
|
||||
timestamp bigint default 0,
|
||||
lifetime integer default 0,
|
||||
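Review bot: the changed line "kid varchar(128), /*" opens an SQL comment that is not closed anywhere in the visible lines of the oauth_key definition, so a reader who pastes this CREATE TABLE statement gets the following columns (ikm_key, timestamp, lifetime) swallowed by the comment or a syntax error. Drop the "/*", or close it on the same line if a comment was intended there.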
@ -784,6 +784,42 @@ CREATE TABLE oauth_key (
|
||||
primary key (kid)
|
||||
);
|
||||
|
||||
The oauth_key table fields meanings are:
|
||||
|
||||
kid: the kid of the key;
|
||||
|
||||
ikm_key - (optional) base64-encoded key ("input keying material");
|
||||
The ikm_key is not needed if the as_rs_key and auth_key are defined
|
||||
explicitly in the database;
|
||||
|
||||
timestamp - (optional) the timestamp (in seconds) when the key
|
||||
lifetime started;
|
||||
|
||||
lifetime - (optional) the key lifetime in seconds; the default value
|
||||
is 0 - unlimited lifetime.
|
||||
|
||||
hkdf_hash_func - (optional) hash function for HKDF procedure; the
|
||||
valid values are SHA-1 and SHA-256, with SHA-256 as default;
|
||||
The hkdf_hash_func is not needed if the as_rs_key and auth_key
|
||||
are defined explicitly in the database;
|
||||
|
||||
as_rs_alg - oAuth token encryption algorithm; the valid values are
|
||||
"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM",
|
||||
"AEAD-AES-256-GCM".
|
||||
The default value is "AES-256-CBC";
|
||||
|
||||
as_rs_key - (optional) base64-encoded AS-RS key. If not defined, then
|
||||
calculated with ikm_key and hkdf_hash_func. The as_rs_key length
|
||||
is defined by as_rs_alg.
|
||||
|
||||
auth_alg - (optional) oAuth token authentication algorithm; the valid values are
|
||||
"HMAC-SHA-256-128", "HMAC-SHA-256" and "HMAC-SHA-1".
|
||||
The default value is "HMAC-SHA-256-128".
|
||||
|
||||
auth_key - (optional) base64-encoded AUTH key. If not defined, then
|
||||
calculated with ikm_key and hkdf_hash_func. The auth_key length
|
||||
is defined by auth_alg.
|
||||
|
||||
You can use turnadmin program to manage the database - you can either use
|
||||
turnadmin to add/modify/delete users, or you can use turnadmin to produce
|
||||
the hmac keys and modify the database with your favorite tools.
|
||||
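Review bot: in the as_rs_alg entry the value list has a stray empty item ('"AES-128-CBC" and "AES-256-CBC", , "AEAD-AES-128-GCM"'); rewrite it as one comma-separated list of the four values. The first entry, "kid: the kid of the key;", defines the field in terms of itself and uses a colon where every other entry uses a dash, so spell out what kid identifies. as_rs_alg is the only field with a default that is not marked "(optional)", and the timestamp entry does not say what its default of 0 means when lifetime is non-zero; both are worth stating since they decide when a key stops being accepted.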
@ -945,6 +981,11 @@ Or in the turnserver.conf file:
|
||||
|
||||
mongo-userdb="mongodb://localhost:27017/turndb"
|
||||
|
||||
The meanings of the MongoDB keys are the same as for the other databases, see the
|
||||
explanations for the Postgres, for example.
|
||||
|
||||
See the file testmongosetup.sh for the database structure examples.
|
||||
|
||||
XVII. Redis setup
|
||||
|
||||
The Redis setup is well documented on their site http://redis.io.
|
||||
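Review bot: the added cross-reference "see the explanations for the Postgres, for example" does not tell the reader where to look; name the section or the tables (turnusers_lt, oauth_key) whose field descriptions apply to the MongoDB keys.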
@ -1013,6 +1054,8 @@ Redis TURN admin commands:
|
||||
|
||||
$ bin/turnadmin -A -N "host=localhost dbname=0 user=turn password=turn" -u gorst -r north.gov -p hero
|
||||
$ bin/turnadmin -A -N "host=localhost dbname=0 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
|
||||
|
||||
See the file testredisdbsetup.sh for the data structure examples.
|
||||
|
||||
XVIII. Performance tuning
|
||||
|
||||
|
||||
@ -190,7 +190,7 @@ Flags:
|
||||
This option can be used with long-term credentials mechanisms only -
|
||||
it does not make much sense with the short-term mechanism.
|
||||
|
||||
--oauth Support oAuth authentication.
|
||||
--oauth Support oAuth authentication, as in the third-party TURN specs document.
|
||||
|
||||
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
||||
|
||||
|
||||
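Review bot: the new --oauth text, "as in the third-party TURN specs document", refers to a document without identifying it; cite it by title or draft name so an operator can check which token format and algorithms the flag enables.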