[Serusers] how not to store clear text passwd in database

Jan Janak jan at iptel.org
Mon May 10 08:33:09 CEST 2004


Yes, set the following:
modparam("auth_db", "calculate_ha1", no)
and comment out modparam("auth_db", "password_column", "password")

SER will then get the HA1 string from the ha1 column of the subscriber
table. After that you can erase the contents of the password column.

Make sure that your realm (the first parameter of www_authorize and
www_challenge) is the same as the domain column of the subscriber table. The
realm value is hashed in the HA1 string as well, and it will not
authenticate if it is different (such errors are hard to find).

   Jan.

On 09-05 22:20, Rao wrote:
> Jiri, thanks. Is there a way to not store the passwd in clear and make everything work?
> If so, how?
>  
> Thanks.
>  
> Rao.
> 
> 
> Jiri Kuthan <jiri at iptel.org> wrote:
> At 09:45 AM 5/8/2004, Rao wrote:
> >Hi,
> > 
> >Is there a way not to store clear text passwd in the database ?
> >I cannot find an option to serctl to do this. 
> 
> serctl stores both clear-text and HA1. 
> 
> -jiri 