Hi
so what is the way to transport
passwords?
TIA
Ranjit
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Arunachalam Venkatraman
Sent: Monday, November 04, 2002 10:38 PM
To: Avshalom Houri; [EMAIL PROTECTED]
Cc: Ran Bar-Lavie
Subject: RE: [Sip-implementors] LDAP servers and SIP AuthenticationHow about storing H(A1), instead of the password, in the LDAP server?This is actually discussed in RFC2617 in section 3.2.2.1-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Avshalom Houri
Sent: Monday, November 04, 2002 10:00 AM
To: [EMAIL PROTECTED]
Cc: Ran Bar-Lavie
Subject: [Sip-implementors] LDAP servers and SIP Authentication
Since basic authentication has been deprecated from SIP and LDAP servers do not
support a uniform way for querying passwords. It seems that there is a problem with
using SIP with LDAP server as a directory.
For example, some LDAP servers return the user's password hashed (using MD5 or SHA
or something else) but we cannot compare this with the hashed password from the client,
even if the same hashing algorithm was used, because LDAP returns only the password
hashed, while the client-supplied hash includes more info in the digest. The only way we
can do this is by getting the password cleartext from LDAP, and do our own digest, but most
LDAP servers do not allow that, not even for the directory admin.
Any ideas?
Thanks
Avshalom
