[Serusers] Avoiding storing passwords in mysql "subscriber" table in clear-text

Bastian Schern ml01 at in-bln.de
Tue Oct 19 00:49:12 CEST 2004 

Have you found a solution for that?

Regards
	Bastian

karl schrieb:
> Thanks Jan for your feedback.
>  
> I may confirm that serctl is generating the follow values:
> i) Plain text in the "password" column.
> ii) Enrcrypted text in the "ha1" column.
> iii) Encrypted text in the "ha1b" column.
>  
> However, I refer back to my original objective, namely that while I 
> still require users to be authenticated against user credentials 
> (username, password, realm), on the other hand I want to avoid storing 
> passwords in clear text in mysql "subscriber" table, when creating new 
> user accounts using the serctl add command.
>  
> Thanks
>  
> Karl
> */Jan Janak <jan at iptel.org>/* wrote:
> 
>     Make sure that you have proper values in ha1 column (generated
>     automatically by serctl, if not then you can use gen_ha1 utility to
>     generate the hashes from plaintext password) and set:
> 
>     modparam("auth_db", "calculate_ha1", no)
>     modparam("auth_db", "password_column", ha1)
> 
>     Jan.
> 
>     On 12-10 00:12, karl wrote:
>      > Hi guys,
>      >
>      > I would appreciate if someone may help me on the subject. While
>     still requiring users to be authenticated against user credentials
>     (username, password, realm), on the other hand I want to avoid
>     storing passwords in clear text in mysql "subscriber" table. Any ideas?
>      >
>      > Thank you in advanced.
>      >
>      > Best regards,
>      >
>      > Karl
>      >
>      >
>      >
>      >
>      > ---------------------------------
>      > Do you Yahoo!?
>      > vote.yahoo.com - Register online to vote today!
>      > ; _______________________________________________
>      > Serusers mailing list
>      > serusers at lists.iptel.org
>      > http://lists.iptel.org/mailman/listinfo/serusers
> 
> ------------------------------------------------------------------------
> Do you Yahoo!?
> vote.yahoo.com <http://vote.yahoo.com> - Register online to vote today!
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list