[Serusers] Avoiding storing passwords in mysql "subscriber" table in clear-text

karl ser_newbie at yahoo.com
Mon Oct 18 09:07:23 CEST 2004


Thanks Jan for your feedback.
 
I may confirm that serctl is generating the follow values:
i) Plain text in the "password" column.
ii) Enrcrypted text in the "ha1" column.
iii) Encrypted text in the "ha1b" column.
 
However, I refer back to my original objective, namely that while I still require users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table, when creating new user accounts using the serctl add command.
 
Thanks
 
Karl
Jan Janak <jan at iptel.org> wrote:
Make sure that you have proper values in ha1 column (generated
automatically by serctl, if not then you can use gen_ha1 utility to
generate the hashes from plaintext password) and set:

modparam("auth_db", "calculate_ha1", no)
modparam("auth_db", "password_column", ha1)

Jan.

On 12-10 00:12, karl wrote:
> Hi guys,
> 
> I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
> 
> Thank you in advanced.
> 
> Best regards,
> 
> Karl
> 
> 
> 
> 
> ---------------------------------
> Do you Yahoo!?
> vote.yahoo.com - Register online to vote today!
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers


		
---------------------------------
Do you Yahoo!?
vote.yahoo.com - Register online to vote today!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20041018/e4a7975d/attachment.htm>


More information about the sr-users mailing list