Hi Volkan,
Normally, in the auth reply, you need to use the realm received in the
challenge. So, if you want to be 100% RFC compliant, you should not keep
the HA1, but calculate it each time, with the received realm.
If you still want to use pre-computed HA1 and go around the variable
realms, you may simply load the HA1 via sql_ops and feed into pv_auth
function - no need for auth_db.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
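Why a pre-computed HA1 stops matching once the client answers with a different realm, shown as an added example that is not part of the original message and is not OpenSIPS code. It uses the RFC 2617 MD5 digest without qop; all function names, the user, the password, the realms and the nonce are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username ":" realm ":" password), so it is bound to one realm
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    # Digest without qop: response = MD5(HA1 ":" nonce ":" MD5(method ":" uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def client_credentials(username, password, realm, nonce, method, uri):
    # What a client places in its Authorization header, using the realm it chose
    response = digest_response(ha1(username, realm, password), nonce, method, uri)
    return {"username": username, "realm": realm, "nonce": nonce,
            "uri": uri, "response": response}

def verify_with_stored_ha1(creds, stored_ha1, method):
    # Server side with a pre-computed HA1: the realm in creds is never consulted
    expected = digest_response(stored_ha1, creds["nonce"], method, creds["uri"])
    return hmac.compare_digest(expected, creds["response"])

def verify_with_password(creds, password, method):
    # Server side with the plain-text password: HA1 is rebuilt from the received realm
    rebuilt = ha1(creds["username"], creds["realm"], password)
    return verify_with_stored_ha1(creds, rebuilt, method)

# Constructed sample values
USER, PASSWORD = "alice", "constructed-secret"
PROVISIONED_REALM = "sip.example.com"
NONCE = "constructednonce0001"
STORED_HA1 = ha1(USER, PROVISIONED_REALM, PASSWORD)  # what the subscriber table holds

def demo():
    # Maps each client realm to (stored-HA1 check, plain-text-password check)
    results = {}
    for realm in (PROVISIONED_REALM, "192.0.2.10"):
        creds = client_credentials(USER, PASSWORD, realm, NONCE,
                                   "REGISTER", "sip:sip.example.com")
        results[realm] = (verify_with_stored_ha1(creds, STORED_HA1, "REGISTER"),
                          verify_with_password(creds, PASSWORD, "REGISTER"))
    return results

if __name__ == "__main__":
    for realm, (stored_ok, password_ok) in demo().items():
        print(f"realm={realm:18} stored_ha1={stored_ok} password={password_ok}")
```
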
On 02.07.2025 13:50, Volkan Oransoy wrote:
Hi all
I store user authentication data on a subscriber table with
precalculated hashes for obvious reasons. Lately we are having issues
with these new AI conversation services. They send requests with
random realms, especially with IP addresses. From what I understand, if I
store the plain text password and calculate ha1 at request time, I can
accept these requests even if the realm is different. But I don't want
to do that. I tried to tweak auth_db: when I set `use_domain` to 0,
OpenSIPS does not add the realm to the query but still uses it on the ha1
challenge, since the RFC requires it, I think.
Is there a best practice to handle this issue?
Best regards
--
Volkan Oransoy
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users