Re: [Users] Authentication and Password encryption using dbtext

[Daniel-Constantin Mierla]

Hello,

On 03/15/06 18:25, Istvan Hubay Cebrian wrote:
Hi,
I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router (
www.milkfish.org ). 

I have read through all available documentation concerning authentication
and dbtext and I have configured OpenSER such that an MD5 hash string is
stored in the subscribers file. 

However (and this may-be specific to milkfish) the password was also always
being stored as text. After editing and removing the parameter that stored
the password as text in 'dbtextctl' authentication no longer works. This
IMHO is because the UA is sending the password as text which is then being
compared to the MD5 hash string, this test obviously fails.

One solution would be to receive the password as text, then construct the
MD5 hash string then compare, however I don't know how to do this.
  
you can store the HA1 string and then set the proper parameters of 
auth_db module, see:
http://openser.org/docs/modules/1.0.x/auth_db.html

-- just look at password_column and calculate_ha1 parameters.

Cheers,
Daniel


I have looked through openser.cfg but I can't seem to make heads or tails of
(particularly the www_authorize and challenge part):

if (method=="REGISTER") 
        {                             
                if (uri==myself)
                {
                        #wants to register only at router, no external SIP
provider  
                        #log(1, "internal REGISTER\n");
                        #make entry at local registrar
                        if (!www_authorize("", "subscriber")) {
                                www_challenge("", "0");
                                exit;
		        };           
                        save("location");
                }
                else    
                {       
                        #wants to register at external SIP provider 
                        #log(1, "external REGISTER\n");
                        #check if user is already registered at internal
registrar 
                        if (!lookup("location"))
                        {
                                #if not do a drive-by registration
                                #for registration at internal registrar
                                #without a reply 
                                save_noreply("location");       
                        };
                        #Fixing of private address in contact hf
                        fix_nated_contact("217.189.167.187"); 
                        route(1);
                };
                return;
                             
        };   

If anyone could explain what is happening above, or how I could accomplish
what I need (in which username, password and realm are received and an MD5
hash string is constructed) I would be much appreciated.

Regards,
Istvan


  

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users