sipxopenacd for OpenACD v2 is compatible with this change by commit: https://github.com/dhubler/sipxecs/commit/5db1ee9ef533d19e015424ff288ed03a8890d95e

Jan Vincent Liwanag
[email protected]

On Tuesday, June 19, 2012 at 7:16 AM, Miguel Gonzalez wrote:

> Thanks for the reply Mircea, we are in the process of rebuilding sipxopenacd
> with a change to use hshpstk instead of pntk to log in.
>
> Hopefully hshpstk sticks around. :-)
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Mircea Carasel
> Sent: Monday, June 18, 2012 5:59 PM
> To: sipXecs developer discussions
> Subject: Re: [sipx-dev] Plain text pintoken
>
> Also, I forgot to mention that the hshpstk field in Mongo contains the hashed
> value of the sip password. I quickly searched through the code but I don't
> see any use of that field
>
> We always kept SIP password in clear text in postgres...
>
> Mircea
>
> On Tue, Jun 19, 2012 at 12:46 AM, Mircea Carasel <[email protected]> wrote:
>
> On Tue, Jun 19, 2012 at 12:22 AM, Miguel Gonzalez <[email protected]> wrote:
>
> Since we upgraded SipXecs on Friday it appears that when you add new users or
> update an existing user, the pin token going into the users Postgres table
> is plain text. We have been able to reproduce this using both the sipxconfig
> users interface and the APIs. It looks like the hashed value still ends up
> in IMDB in the hshpstk field, but the pntk fields for both IMDB Users and
> OpenACDAgents end up as plain text. We have been fixing these manually in
> both Mongo and Postgres but were wondering if this is a known issue.
>
> Users who end up with a plain text pin token are not able to log into OpenACD
> until we manually fix them.
>
> We recently separated pintoken from voicemail pin
>
> pintoken now stands for user portal password and instant messaging password,
> and OpenAcd password (the same password for all three)
>
> pintoken is now saved in plain text format in both postgres and imdb because
> we wanted to unify user password with instant messaging password and open acd
> password, and therefore we couldn't keep a one-way hash mechanism (openfire
> uses a two-way hash and keeps password key in plain text, and we used to save
> IM password in plain text anyway)
>
> Still the voicemail pin is kept in a one-way hash of username:password (see
> Md5Encoder.java)
>
> The plan is to find a way to use a one-way hash mechanism that does not
> include the realm for user portal, IM, open acd in 4.8 release.
>
> Another reason for this change was that, for example in previous sipxecs
> releases we used a one-way hash of username:realm:password, and most users
> had realm the same as domain name. Changing the domain name would result in a
> user login failure
>
> I am not sure if OpenAcd code was aligned with this password strategy change
>
> please see: http://track.sipfoundry.org/browse/XX-10165
>
> Hope this helps
>
> Mircea
>
> > Thanks for your help
> >
> > Miguel Gonzalez
> > Programming Manager
> > PATLive
> > 1.800.775.7790 x743
> > 1.800.398.0508 fax
> > [email protected]
> >
> > Hosted Communications | Friendly Service www.patlive.com
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
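
An added example, not sipXecs or OpenACD code and not written by anyone in this thread: it audits user records for `pntk` values that are not digest-shaped (the condition reported above) and shows why a `username:realm:password` hash stops verifying once the realm changes. MD5 for that hash, the `uid` key, the record layout and the realm names are assumptions; the sample records are constructed.

```python
import hashlib
import hmac
import re

MD5_HEX = re.compile(r"[0-9a-f]{32}")

def realm_bound_hash(username, realm, password):
    # Earlier scheme described in the thread: hash of username:realm:password.
    # MD5 is an assumption; the thread names Md5Encoder.java only for voicemail.
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()

def verify(stored, username, realm, password):
    # Constant-time comparison of the stored digest with a recomputed one.
    candidate = realm_bound_hash(username, realm, password)
    return hmac.compare_digest(stored, candidate)

def looks_hashed(value):
    # Shape check only: a password that is itself 32 hex digits would pass.
    return bool(MD5_HEX.fullmatch(value.lower()))

def audit(records, fields=("pntk",)):
    """Return (uid, field) pairs whose credential field is not digest-shaped."""
    findings = []
    for rec in records:
        for field in fields:
            value = rec.get(field)
            if value is not None and not looks_hashed(value):
                findings.append((rec["uid"], field))
    return findings

# Constructed sample data; "uid" and both realm names are hypothetical.
OLD_REALM, NEW_REALM = "example.org", "pbx.example.org"
SAMPLE = [
    {"uid": "alice", "pntk": realm_bound_hash("alice", OLD_REALM, "s3cret")},
    {"uid": "bob", "pntk": "hunter2"},  # stored as typed, not hashed
]

if __name__ == "__main__":
    print("plaintext-looking fields:", audit(SAMPLE))
    stored = SAMPLE[0]["pntk"]
    print("login, original realm:", verify(stored, "alice", OLD_REALM, "s3cret"))
    print("login, renamed domain:", verify(stored, "alice", NEW_REALM, "s3cret"))
```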
