[Serusers] dbtext authentication and password encryption
Jan Janak
jan at iptel.org
Thu Mar 9 11:16:58 CET 2006
YOu can store them as HA1 strings (see RFC2617 for details). Basically it is
an MD5 hash of username, realm, and password. It is still not very secure,
because if someone gets access to the string then he could authenticate
using a modified SIP user agent, but at least people won't see the passwords
by accident.
To enable this set:
modparam("auth_db", "calculate_ha1", no)
modparam("auth_db", "password_column", "ha1")
You can generate the HA1 strings using gen_ha1 tool (which is installed with
SER).
Jan.
Istvan Hubay Cebrian wrote:
> Hi,
>
> I am currently deploying SER on a Linksys WRT54GS v1.1 router. I am using
> dbtext for authentication purposes. Lately I noticed that the user’s
> passwords are stored as text. My question is: if there is anyway in which I
> could encrypt these passwords? May-be using another module? Any information
> will be much appreciated.
>
> Thanks
>
More information about the sr-users
mailing list