Still on the subject, we are exploring the possibilities and one of them would be to use
the diameter module. As stated in the documentation :
"NOTE: diameter support was developed for DISC (DIameter Server Client project at
http://developer.berlios.de/projects/disc/). This project seems to be no longer maintained
and DIAMETER specifications were updated in the meantime. Thus, the module is obsolete and
needs rework to be usable with opendiameter or other DIAMETER servers."
Is it planned to update this module on your side on not?
One other solution would be to write our own module to connect to another server (which
contains the users/passwords and calculate the HA1 and HA2 values), tcp layer would still
be done by auth module. To do that, is there a spec on how to communicate with auth
module? And any documentation on custom module development and deployment? The principle
would be more or less the same as diameter, but maybe our server would not use radius nor
diameter protocols.
By doing it, we try to reach two goals : use SHA instead of MD5 and increase the security
of the user management by hosting it in a different way as Kamailio does.
Thank you,
Frederic
From: sr-users [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of
Daniel-Constantin Mierla
Sent: Wednesday 6 May 2015 16:44
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio authentication method
Hello,
to understand properly, do you need to have:
HA1=SHA(username:realm:password)
HA2=SHA(method:digestURI)
response=SHA(HA1:nonce:HA2)
Perhaps it can be done with config file scripting, if you are familiar with
transformations and header manipulation. But I think it will be simpler to extend auth
module to support different hashing algorithm.
The code for computing shaX is already in kamailio (used for shaX transformations), so the
change in auth should be about advertising and detecting when the new algorithm has to be
used.
Cheers,
Daniel
On 06/05/15 16:28, Mathys Frédéric wrote:
Hello,
In my scenario with a Kamailio server, I have a VOIP client connecting to the server
which, for some reasons, cannot calculate MD5 hashes but only SHA. In this situation,
would it be possible to change the authentication algorithm by either modifying Kamailio
scripts or writing an external module to do that?
As far as I know, the authentication response is calculated as follow (standard HTTP
Digest authentication) :
HA1=MD5(username:realm:password)
HA2=MD5(method:digestURI)
response=MD5(HA1:nonce:HA2)
For that, I have to save ha1 and ha1b values in the DB with the SHA function directly
(with a trigger for example), and then change the authentication method too.
What is the best solution to do that? Does a module already exists?
Thank you!
Frederic Mathys
System Integration & Validation
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org<mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany -
http://www.kamailioworld.com