[SR-Users] Kamailio authentication method
Mathys Frédéric
frederic.mathys at nagra.com
Thu May 7 09:49:13 CEST 2015
Hello Daniel,
Thank you for your answer, this is exactly what I need. Modification of the auth module seems to be a better solution, but this lead to some questions for me...
- Could you explain a little bit how the auth module is working? Which files do I have to modify to change the hash method?
- If I used another auth_* module to get username / password, the modification in the auth module is enough for the www_authentication? In other words, the authentication is always done in this module? Even If I use auth_radius or auth_diameter or a self-made auth_* module?
Regards,
Frederic
From: sr-users [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla
Sent: Wednesday 6 May 2015 16:44
To: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio authentication method
Hello,
to understand properly, do you need to have:
HA1=SHA(username:realm:password)
HA2=SHA(method:digestURI)
response=SHA(HA1:nonce:HA2)
Perhaps it can be done with config file scripting, if you are familiar with transformations and header manipulation. But I think it will be simpler to extend auth module to support different hashing algorithm.
The code for computing shaX is already in kamailio (used for shaX transformations), so the change in auth should be about advertising and detecting when the new algorithm has to be used.
Cheers,
Daniel
On 06/05/15 16:28, Mathys Frédéric wrote:
Hello,
In my scenario with a Kamailio server, I have a VOIP client connecting to the server which, for some reasons, cannot calculate MD5 hashes but only SHA. In this situation, would it be possible to change the authentication algorithm by either modifying Kamailio scripts or writing an external module to do that?
As far as I know, the authentication response is calculated as follow (standard HTTP Digest authentication) :
HA1=MD5(username:realm:password)
HA2=MD5(method:digestURI)
response=MD5(HA1:nonce:HA2)
For that, I have to save ha1 and ha1b values in the DB with the SHA function directly (with a trigger for example), and then change the authentication method too.
What is the best solution to do that? Does a module already exists?
Thank you!
Frederic Mathys
System Integration & Validation
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org<mailto:sr-users at lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150507/b34435d8/attachment.html>
More information about the sr-users
mailing list