I might be wrong....thanks for the help so far.
Regards
On Tue, Jan 3, 2012 at 5:15 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
On 1/3/12 4:12 PM, Ali Jawad wrote:
Hi Daniel
This certainly makes sense, I will try it in a few mins, but what I
observed at Debug Level 3 is that Hash is calculated before
www_authenticate is executed and it shows HA comparison failed, if I
do use
domain.com instead of $fd and use $domain.com in db domain
field and build HA1 filed based on that, wont Kamailio still try to
build the HA1 hash which it will compare form user:domain:pwd where
domain is fed in to the hash function from the header of the SIP
packet ?
the ha1 is actually hash over 'user:realm:pwd' -- it is just common
practice
to use the domain as realm, since realm should be a unique token to
identify
the service, but it can be any random string. realm is given as
parameter
to auth functions in kamailio.cfg
Cheers,
Daniel
> Regards
>
> On Tue, Jan 3, 2012 at 5:07 PM, Daniel-Constantin Mierla
> <miconda(a)gmail.com> wrote:
>>
>> Hello,
>>
>> you can simply use 'domain.com' as realm parameter to authentication
>> function instead of $fd. Also build ha1 and ha1b with
domain.com and
>> then
>> you are safe no matter which sip server is used.
>>
>> Of course you can build the realm by striping first token before '.' in
>> $fd
>> and pass it to authentication functions, but not sure if makes sense
>> since
>> it should be always
domain.com
>>
>> Cheers,
>> Daniel
>>
>>
>> On 1/3/12 3:15 PM, Ali Jawad wrote:
>>>
>>> Hi
>>> After some research it seems to me that the only way to achieve this
>>> is to "try" and change how hashing is done in the source code, a
>>> little bit too ambitious for me, and it means I will have loads of
>>> problems each time an upgrade is released.
>>>
>>> Or
>>>
>>> Use pseudovariables to fix the value of the $fd value to something
>>> constant, while this worked for values like $var(y) I was not able to
>>> assign/strip $fd to remove the subdomain part.
>>>
>>> Any input please ?
>>>
>>> Regards
>>>
>>> On Tue, Jan 3, 2012 at 2:06 PM, Ali Jawad<ali.jawad(a)splendor.net>
>>> wrote:
>>>>
>>>> Hi
>>>> I do have 3 Kamailio servers, one for mobile phone registrations, one
>>>> for softphone registrations and one for SIP device registrations.
>>>> Each
>>>> of those devices connects to it's perspective kamailio server
>>>>
>>>>
sip1.domain.com
>>>>
sip2.domain.com
>>>>
sip3.domain.com
>>>>
>>>> All 3 Kamailio servers share the same database, and users can use
>>>> their kamailio user/pwd on any of the devices, now I want to use
>>>> encrypted passwords and remove clear text passwords from the
>>>> database.
>>>> I did test with one server and all is fine,however if a user want to
>>>> register from the second kamailio server it does not work, basically
>>>> because the db domain entry from which the hash is created is
>>>>
sip1.domain.com and stored in the db, while the user connects from to
>>>>
sip2.domain.com this eventually generates a different hash.
>>>>
>>>> Is there anyway to overcome this ? Can I exclude Domain from Hash
>>>> generation ? Any other option that allows me to do the above ?
>>>>
>>>> Thanks
>>>
>>>
>>>
>> --
>> Daniel-Constantin Mierla --
http://www.asipto.com
>>
http://linkedin.com/in/miconda --
http://twitter.com/miconda
>>
>
>
> --
> Daniel-Constantin Mierla --
http://www.asipto.com
>
http://linkedin.com/in/miconda --
http://twitter.com/miconda