M. Ranganathan wrote: > On Fri, Aug 7, 2009 at 3:54 PM, Damian Krzeminski<[email protected]> wrote: >> Dale Worley wrote: >>> On Fri, 2009-08-07 at 11:38 -0400, M. Ranganathan wrote: >>>> I would like to get some pointers on how I can access the In Memory >>>> Database that holds the SIP passwords of user accounts. I need to >>>> access the SIP passwords for the third party call controller. >>> If you're using Java, I would say "Don't". (http://tinyurl.com/l7aftb) >>> Since the credentials table is generated by sipXconfig, you can pull the >>> data out of the Postgres database using the same code that sipXconfig >>> does. >>> >> I cannot stop anyone from reading SIPXCONFIG DB but I do not think this is >> a good idea. >> First of all "generating" credentials data is not the same as reading it >> from the DB. The other things is sipXconfig reserves the rights to change >> the database schema so you'd have to track the changes and adapt. And the >> third thing is that sipXconfig DB is only available locally (you can change >> it but if you do you have to start worry about securing it appropriately). >> If reading IMDB from Java is really such a hassle sipXconfig can produce >> credential data in other formats. >> D. >> > > After a little help on the specifics from Mardy, I successfully issued > a query to IMDB from sipx supervisor and get back records that look > like this : > > > <member> > > <name>uri</name><value><string>sip:[email protected]</string></value> > </member> > <member> > > <name>passtoken</name><value><string>808382d42c626541efc8eaf888be2875</string></value> > </member>\n<member> > <name>realm</name> > <value><string>sipxtest.sipxtest.net</string></value> > </member> > <member> > <name>authtype</name><value><string>DIGEST</string></value> > </member> > > > I assume here that the passtoken is the password which has been > encoded. To save me some digging time, can somebody let me know how is > this password is encoded? Can one extract the plain text password from > this? >
It's HA1: HA1 = MD5(A1) = MD5(username:realm:password) (you can also check in org.sipfoundry.sipxconfig.common.MD5Encoder) You cannot extract clear text password from that. But you should not need them for anything (since clear text passwords should be only used to produce HA1 for sipXecs realm anyway). D. _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
