[Users] Authentication and Password encryption using dbtext

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Mar 16 10:42:43 CET 2006 

Hello,

On 03/15/06 18:25, Istvan Hubay Cebrian wrote:
> Hi,
>
> I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router (
> www.milkfish.org ). 
>
> I have read through all available documentation concerning authentication
> and dbtext and I have configured OpenSER such that an MD5 hash string is
> stored in the subscribers file. 
>
> However (and this may-be specific to milkfish) the password was also always
> being stored as text. After editing and removing the parameter that stored
> the password as text in 'dbtextctl' authentication no longer works. This
> IMHO is because the UA is sending the password as text which is then being
> compared to the MD5 hash string, this test obviously fails.
>
> One solution would be to receive the password as text, then construct the
> MD5 hash string then compare, however I don't know how to do this.
>   
you can store the HA1 string and then set the proper parameters of 
auth_db module, see:
http://openser.org/docs/modules/1.0.x/auth_db.html

-- just look at password_column and calculate_ha1 parameters.

Cheers,
Daniel


> I have looked through openser.cfg but I can't seem to make heads or tails of
> (particularly the www_authorize and challenge part):
>
> if (method=="REGISTER") 
>         {                             
>                 if (uri==myself)
>                 {
>                         #wants to register only at router, no external SIP
> provider  
>                         #log(1, "internal REGISTER\n");
>                         #make entry at local registrar
>         		if (!www_authorize("", "subscriber")) {
> 	            		www_challenge("", "0");
> 			        exit;
> 		        };           
>                         save("location");
>                 }
>                 else    
>                 {       
>                         #wants to register at external SIP provider 
>                         #log(1, "external REGISTER\n");
>                         #check if user is already registered at internal
> registrar 
>                         if (!lookup("location"))
>                         {
>                                 #if not do a drive-by registration
>                                 #for registration at internal registrar
>                                 #without a reply 
>                                 save_noreply("location");       
>                         };
>                         #Fixing of private address in contact hf
>                         fix_nated_contact("217.189.167.187"); 
>                         route(1);
>                 };
>                 return;
>                              
>         };   
>
> If anyone could explain what is happening above, or how I could accomplish
> what I need (in which username, password and realm are received and an MD5
> hash string is constructed) I would be much appreciated.
>
> Regards,
> Istvan
>
>
>

More information about the sr-users mailing list