[Serusers] LDAP with SIP digest HTTP authentication

Nils Ohlmeier nils at iptel.org
Sun Feb 22 00:53:23 CET 2004

On Sunday 22 February 2004 00:28, GUSTAVO GARCIA BERNARDO wrote:
> I'm trying to develop a solution for LDAP authentication in SER, but i have
> a question.  With digest HTTP authentication (RFC 2617) the SIP server
> doesn't have the plain password, it has a hash of user:realm:password
> (H(A1)).   How could a sip server authenticate the users using a standard

How do you came to this conclusion? E.g. by default SER stores the plain text 
password and H(A1) in its database.

> LDAP database with this information?
> Somebody knows a solution for this?
> My ideas are to use HTTP basic authentication (not standard with SIP) or

Basic authentication is absolutely insecure! And basic authentication is not 
allowed according to RFC3261. You will (hopefully) not find any SIP UA which 
supports basic authentication.

> store H(A1) in LDAP (not standard in LDAP, you need to modify the stored
> information). I think both are bad solutions.

Store the plain text password or H(A1) in LDAP, whatever you prefer. It is 
easy to generate H(A1) from a given plain text password.


More information about the sr-users mailing list