[Serusers] LDAP with SIP digest HTTP authentication

GUSTAVO GARCIA BERNARDO ggb at tid.es
Sun Feb 22 02:20:04 CET 2004


> > I'm trying to develop a solution for LDAP authentication in SER, but I have
> > a question.  With digest HTTP authentication (RFC 2617) the SIP server
> > doesn't have the plain password, it has a hash of user:realm:password
> > (H(A1)).   How could a SIP server authenticate the users using a standard
>
> How did you come to this conclusion? E.g. by default SER stores the plain text
> password and H(A1) in its database.

I wanted to say that UAs don't send the plain password, only a password digest.
 
> > LDAP database with this information?
> >
> > Somebody knows a solution for this?
> >
> > My ideas are to use HTTP basic authentication (not standard with SIP) or
>
> Basic authentication is absolutely insecure! And basic authentication is not
> allowed according to RFC3261. You will (hopefully) not find any SIP UA which
> supports basic authentication.

I think so, too.

> > store H(A1) in LDAP (not standard in LDAP, you need to modify the stored
> > information). I think both are bad solutions.
>
> Store the plain text password or H(A1) in LDAP, whatever you prefer. It is
> easy to generate H(A1) from a given plain text password.

But I want to authenticate with an external LDAP, and usually (my case too) you can't obtain plain passwords and you can't store new information (H(A1)) for the SIP service.


Thx.
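
An added example, not part of the original thread: how a server checks an RFC 2617 digest response using only a stored H(A1), the value the thread discusses keeping in LDAP. The function names and the sample user, realm, nonce and password are constructed for illustration; MD5 with qop absent or `auth` is assumed.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def compute_ha1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(username:realm:password); the only secret the server must store."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """RFC 2617 request-digest, computed from H(A1) rather than the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")  # form used when no qop is sent

def server_verify(stored_ha1: str, method: str, creds: dict) -> bool:
    """Server side: recompute the digest from the stored H(A1) and compare."""
    if creds.get("qop") not in (None, "auth"):
        return False  # auth-int needs the message body; not handled here
    expected = digest_response(stored_ha1, method, creds["uri"], creds["nonce"],
                               creds.get("qop"), creds.get("nc"), creds.get("cnonce"))
    return hmac.compare_digest(expected, creds.get("response", ""))

def demo() -> tuple:
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "sip.example.org", "s3cret"
    stored_ha1 = compute_ha1(user, realm, password)  # what the directory would hold
    creds = {"uri": "sip:sip.example.org", "nonce": "3f2a9c0e5b7d", "qop": "auth",
             "nc": "00000001", "cnonce": "9b1d44aa"}
    # UA side: knows the password, sends only the digest.
    creds["response"] = digest_response(compute_ha1(user, realm, password),
                                        "REGISTER", creds["uri"], creds["nonce"],
                                        creds["qop"], creds["nc"], creds["cnonce"])
    good = server_verify(stored_ha1, "REGISTER", creds)
    # A different realm yields a different H(A1), so the stored value is realm-bound.
    other_ha1 = compute_ha1(user, "other.example.org", password)
    bad = server_verify(other_ha1, "REGISTER", creds)
    return good, bad

if __name__ == "__main__":
    print(demo())
```
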