[Serusers] LDAP with SIP digest HTTP authentication
nils at iptel.org
Sun Feb 22 00:53:23 CET 2004
On Sunday 22 February 2004 00:28, GUSTAVO GARCIA BERNARDO wrote:
> I'm trying to develop a solution for LDAP authentication in SER, but i have
> a question. With digest HTTP authentication (RFC 2617) the SIP server
> doesn't have the plain password, it has a hash of user:realm:password
> (H(A1)). How could a sip server authenticate the users using a standard
How do you came to this conclusion? E.g. by default SER stores the plain text
password and H(A1) in its database.
> LDAP database with this information?
> Somebody knows a solution for this?
> My ideas are to use HTTP basic authentication (not standard with SIP) or
Basic authentication is absolutely insecure! And basic authentication is not
allowed according to RFC3261. You will (hopefully) not find any SIP UA which
supports basic authentication.
> store H(A1) in LDAP (not standard in LDAP, you need to modify the stored
> information). I think both are bad solutions.
Store the plain text password or H(A1) in LDAP, whatever you prefer. It is
easy to generate H(A1) from a given plain text password.
More information about the sr-users