[Users] Authentication and Password encryption using dbtext

Istvan Hubay Cebrian ihc.www at gmail.com
Wed Mar 15 18:25:45 CET 2006 

Hi Norman, 

Milkfish.org provides various packages, you can download binaries that
already include OpenWRT and the latest release of Milkfish/OpenSER (
http://developer.berlios.de/project/showfiles.php?group_id=3690 ) and simply
flash this file to your router. Instructions on how to do this are available
at the milkfish wiki: http://wiki.milkfish.org/index.php?n=Boozy.StepByStep
this is probably the best option.

Alternatively you can firstly install OpenWRT (RC4 required) and then use
ipkg (similar to apt-get) to retrieve and install milkfish packages which
include OpenSER and Milkfish configuration files.

To do this you will first need a router running OpenWRT RC4 and already
configured, then you will need to edit /etc/ipkg.conf and add the line 'src
milkfish http://packages.milkfish.org/boozy/'. 

Keep in mind that most files (particularly in /etc) are sym links to the
read-only fs located in /rom. Therefore you will need to remove the sym link
/etc/ipgk.conf that points to /rom/etc/ipkg.conf, and copy the original from
/rom/etc/ipkg.conf to /etc/ and only then can you edit.

Once you're done run 'ipkg install milkfish' this will install OpenSER and
Milkfish configuration files and depending on your needs you can run 'ipkg
install rtpproxy'.

I had a few problems initially namely every installed script had as owner
'1000' I had to change this to 'root' so that the web interface ran
correctly. This should probably be enough however you should take a look at
the milkfish wiki for more detailed instructions. 

Hope this helps.

Regards,
Istvan

-----Original Message-----
From: Norman Brandinger [mailto:norm at goes.com] 
Sent: quarta-feira, 15 de Março de 2006 16:38
To: Istvan Hubay Cebrian
Cc: users at openser.org
Subject: Re: [Users] Authentication and Password encryption using dbtext

Hi Istvan,

Just last night I loaded dd-wrt (v23) on a WRT54G.  It loaded SER, not 
OpenSER which was pretty slick but I would rather have OpenSER on it :)

Can you send me the package you created, or instructions on creating a 
package myself ?  Once OpenSER is loaded on the WRT54G, I'll try to give 
you a hand in resolving this problem.

I've been to the milkfish site in the past but didn't have the time to 
dig into it.  I think that a linux (not FreeBSD) development environment 
is required.  If this is the case, it will take me a little while to get 
up to speed as linux isn't for anything over here (which means that we 
would have to re-task an existing machine or build up a new one).

Regards,
Norm
norm at goes dot com


Istvan Hubay Cebrian wrote:
> Hi,
>
> I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router (
> www.milkfish.org ). 
>
> I have read through all available documentation concerning authentication
> and dbtext and I have configured OpenSER such that an MD5 hash string is
> stored in the subscribers file. 
>
> However (and this may-be specific to milkfish) the password was also
always
> being stored as text. After editing and removing the parameter that stored
> the password as text in 'dbtextctl' authentication no longer works. This
> IMHO is because the UA is sending the password as text which is then being
> compared to the MD5 hash string, this test obviously fails.
>
> One solution would be to receive the password as text, then construct the
> MD5 hash string then compare, however I don't know how to do this.
>
> I have looked through openser.cfg but I can't seem to make heads or tails
of
> (particularly the www_authorize and challenge part):
>
> if (method=="REGISTER") 
>         {                             
>                 if (uri==myself)
>                 {
>                         #wants to register only at router, no external SIP
> provider  
>                         #log(1, "internal REGISTER\n");
>                         #make entry at local registrar
>         		if (!www_authorize("", "subscriber")) {
> 	            		www_challenge("", "0");
> 			        exit;
> 		        };           
>                         save("location");
>                 }
>                 else    
>                 {       
>                         #wants to register at external SIP provider 
>                         #log(1, "external REGISTER\n");
>                         #check if user is already registered at internal
> registrar 
>                         if (!lookup("location"))
>                         {
>                                 #if not do a drive-by registration
>                                 #for registration at internal registrar
>                                 #without a reply 
>                                 save_noreply("location");       
>                         };
>                         #Fixing of private address in contact hf
>                         fix_nated_contact("217.189.167.187"); 
>                         route(1);
>                 };
>                 return;
>                              
>         };   
>
> If anyone could explain what is happening above, or how I could accomplish
> what I need (in which username, password and realm are received and an MD5
> hash string is constructed) I would be much appreciated.
>
> Regards,
> Istvan
>
>
>   

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 14-03-2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 14-03-2006

More information about the Users mailing list