[OpenSER-Users] Authentication problem in openSER

Ahmed Huraimel huraimel at gmail.com
Thu May 22 16:51:10 CEST 2008


Hello all,

I am investigating the authentication in OpenSER. I searched for a proper
explanation but unfortunately I did not find how exactly it is done, so I
did some experiments. I assumed that the response is generated as
follows (note that I set the username and password to the same string,
"alali"):

Response = MD5( username + MD5(password) + realm +  nonce)

In openser.cfg I tell the server to take the username from the
header and to set the password from the username, since the username and the
password are the same (only for testing).

TEST1: setting modparam("auth", "calculate_ha1", 1) and telling the server
to expect a clear password
$avp(s:username) = $fU;
$avp(s:password) = $fU;

IT WORKS

TEST2: setting modparam("auth", "calculate_ha1", 0) and telling the server to
expect a hashed password
$avp(s:username) = $fU;
$avp(s:password) = $(fU{s.md5});

IT DOES NOT WORK


Could anyone tell me how exactly the authentication is done in OpenSER? Is
the response generated like the one I assumed? What does + mean in the
response? Does it mean concatenation or XORing?

if (!pv_www_authorize(""))
{
    www_challenge(""/*realm*/, "0"/*qop*/);
    exit;
}
if (!save("location"))
    sl_reply_error();
sl_send_reply("200", "ok");
exit;
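
Added example (not part of the original post and not OpenSER's own code): a Python model of the RFC 2617 digest computation without qop, which is what the www_challenge call with qop "0" above requests. It assumes, per the auth module's documented behaviour, that with calculate_ha1 set to 0 the password AVP is used as HA1 = MD5(username:realm:password) as is; the realm, nonce and URI are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the post, apart from "alali").
USER = PASSWORD = "alali"
REALM = "sip.example.test"
NONCE = "4835f1a2c0ffee00"
METHOD, URI = "REGISTER", "sip:sip.example.test"

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617 A1: the fields are joined with a literal ':' and then hashed.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    # No qop: response = MD5(HA1 ":" nonce ":" HA2), HA2 = MD5(method ":" uri).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def server_verify(credential: str, calculate_ha1: bool, client_response: str) -> bool:
    # calculate_ha1=1: credential is the plaintext password, server derives HA1.
    # calculate_ha1=0: credential is used as HA1 without further hashing.
    h = ha1(USER, REALM, credential) if calculate_ha1 else credential
    expected = digest_response(h, NONCE, METHOD, URI)
    return hmac.compare_digest(expected, client_response)

def run_cases() -> dict:
    # What a client configured with user/password "alali" would send.
    client = digest_response(ha1(USER, REALM, PASSWORD), NONCE, METHOD, URI)
    return {
        "test1_plaintext": server_verify(PASSWORD, True, client),
        "test2_md5_of_username": server_verify(md5_hex(USER), False, client),
        "test2_real_ha1": server_verify(ha1(USER, REALM, PASSWORD), False, client),
    }

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Because HA1 includes the realm, a stored HA1 only verifies for the realm it was computed with.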