[SR-Users] Kamailio/Asterisk combination + hashed passwords?

Daniel-Constantin Mierla miconda at gmail.com
Thu Jun 6 16:35:11 CEST 2013


Hello,

On 6/6/13 11:05 AM, Daniel Pocock wrote:
> I was just looking over:
>
> http://kb.asipto.com/asterisk:realtime:kamailio-3.3.x-asterisk-10.7.0-astdb
>
> A couple of things I noticed:
>
> - Kamailio is using a column sippasswd which is not hashed.  Asterisk
> doesn't use that column at all.  Is there any reason this can't be done
> with the H(A1) and H(A1b) columns?  The INSERT example shows a
> non-encrypted password.

you can store hashed value there. In Kamailio is just a matter of config 
parameter/function parameter to say the loaded value is either plain 
text or ha1.

>
> - Is it all considered valid for Kamailio 4 and Asterisk 11?  (maybe a
> disclaimer could be added at the top)

There is another one for K4.0 and A11:

- 
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb

Not many changes and apparently there are newer updates in asterisk 
database structure on latest RC of 11.3.x.

>
> - The Asterisk columns `md5secret' and `secret' are left empty so that
> Asterisk won't challenge.  I believe there are other ways of doing this:
> for example, telling Kamailio to be the registrar and forcing Asterisk
> to use outbound proxy mode.  I managed to make this work against repro -
> Asterisk no longer receives any REGISTER messages, but all INVITEs go
> through Asterisk, so the double-challenge problem only arises for
> INVITEs.  Maybe Asterisk can be told that Kamailio's source IP:port is
> `trusted' and doesn't need to be challenged - is anybody aware of such
> an option in Asterisk?
There are various ways of doing it, this particular one tried to be at 
least intrusive as possible in asterisk, not to require changing a 
deployed asterisk configuration.

For a new deployment, other approach is more recommended, using kamailio 
as outbound proxy.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
   * http://asipto.com/u/katu *




More information about the sr-users mailing list