[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openser-users
Subject:    [SR-Users]  Meddling with password during authentication
From:       Olli Heiskanen <ohjelmistoarkkitehti () gmail ! com>
Date:       2014-12-26 18:33:43
Message-ID: CALu7wuY=H4vXwy8J4KeOj3gy36rLM4AA3o3oT9jNzvkM0NKzDQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello all,

During authentication, is there any way to affect the password user is
sending? I do suspect not as it is a clear security matter, but won't hurt
to ask. I use auth_db module with calculate_ha1 parameter set to 1. For
reasons in integrating Kamailio into my system architecture there is a need
to store a password in some other format than for example
md5('555:domain.com:password)') while not allowing any passwords to be
stored as plaintext.

For example: md5('555:domain.com:md5('password')') but this would require
me to hash the password before authentication, in Kamailio script as I
can't do it in the clients.

Reason for this question is to have my users in a separate database, and
these users could have 0-n sip peers assigned to them, and have users
authenticate to my software and the sip peers using the same password.

cheers,
Olli

[Attachment #5 (text/html)]

<div dir="ltr"><div><br></div><div>Hello all,</div><div><br></div><div>During \
authentication, is there any way to affect the password user is sending? I do suspect \
not as it is a clear security matter, but won&#39;t hurt to ask. I use auth_db module \
with calculate_ha1 parameter set to 1. For reasons in integrating Kamailio into my \
system architecture there is a need to store a password in some other format than for \
example md5(&#39;555:domain.com:password)&#39;) while not allowing any passwords to \
be stored as plaintext.  </div><div><br></div><div>For example: \
md5(&#39;555:domain.com:md5(&#39;password&#39;)&#39;) but this would require me to \
hash the password before authentication, in Kamailio script as I can&#39;t do it in \
the clients.  </div><div><br></div><div>Reason for this question is to have my users \
in a separate database, and these users could have 0-n sip peers assigned to them, \
and have users authenticate to my software and the sip peers using the same \
password.</div><div><br></div><div>cheers,</div><div>Olli</div></div>



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic