Re: [Users] Authentication and Password encryption using dbtext

Thu, 16 Mar 2006 09:45:46 -0800

Thank you for the instructions and links. I loaded OpenSER on a test WRT54GL without a problem.
Using the web interface, a new account was added and the dbtext entry appeared to be created properly. 


Then pointed an IP phone (SPA-841) to the WRT54GL and it appeared to 
register as indicated by the
green line light on the phone.  The web interface did show detailed 
information about the SPA-841.



I was not successful in completing an outbound call so started looking 
at the default milkfish_openser.cfg
file.  Tried adding xlog statements only to find that a very small 
subset of the OpenSER modules were
installed.  This may have been done to save space because after the 
installation of "milkfish", "rtpproxy" and

"openser", the WRT54GL space utilization jumped to about 95%.


While the system isn't fully functional, it appears that there isn't an 
issue with the password generation.  Note
that I didn't touch the distributed milkfish_openser.cfg file during 
this test.


Regards,
Norm


Istvan Hubay Cebrian wrote:

Hi Norman,
Milkfish.org provides various packages, you can download binaries that
already include OpenWRT and the latest release of Milkfish/OpenSER (

http://developer.berlios.de/project/showfiles.php?group_id=3690 ) and 
simply
flash this file to your router. Instructions on how to do this are 
available
at the milkfish wiki: 
http://wiki.milkfish.org/index.php?n=Boozy.StepByStep

this is probably the best option.


Alternatively you can firstly install OpenWRT (RC4 required) and then 
use
ipkg (similar to apt-get) to retrieve and install milkfish packages 
which

include OpenSER and Milkfish configuration files.

To do this you will first need a router running OpenWRT RC4 and already

configured, then you will need to edit /etc/ipkg.conf and add the 
line 'src

milkfish http://packages.milkfish.org/boozy/'.
Keep in mind that most files (particularly in /etc) are sym links to the

read-only fs located in /rom. Therefore you will need to remove the 
sym link
/etc/ipgk.conf that points to /rom/etc/ipkg.conf, and copy the 
original from

/rom/etc/ipkg.conf to /etc/ and only then can you edit.


Once you're done run 'ipkg install milkfish' this will install 
OpenSER and
Milkfish configuration files and depending on your needs you can run 
'ipkg

install rtpproxy'.


I had a few problems initially namely every installed script had as 
owner

'1000' I had to change this to 'root' so that the web interface ran

correctly. This should probably be enough however you should take a 
look at

the milkfish wiki for more detailed instructions.
Hope this helps.

Regards,
Istvan

-----Original Message-----

From: Norman Brandinger [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 15 
de Março de 2006 16:38

To: Istvan Hubay Cebrian
Cc: [email protected]
Subject: Re: [Users] Authentication and Password encryption using dbtext

Hi Istvan,


Just last night I loaded dd-wrt (v23) on a WRT54G.  It loaded SER, 
not OpenSER which was pretty slick but I would rather have OpenSER on 
it :)



Can you send me the package you created, or instructions on creating 
a package myself ?  Once OpenSER is loaded on the WRT54G, I'll try to 
give you a hand in resolving this problem.



I've been to the milkfish site in the past but didn't have the time 
to dig into it.  I think that a linux (not FreeBSD) development 
environment is required.  If this is the case, it will take me a 
little while to get up to speed as linux isn't for anything over here 
(which means that we would have to re-task an existing machine or 
build up a new one).


Regards,
Norm
norm at goes dot com


Istvan Hubay Cebrian wrote:

 

Hi,

I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router (
www.milkfish.org ).

I have read through all available documentation concerning 
authentication
and dbtext and I have configured OpenSER such that an MD5 hash 
string is

stored in the subscribers file.
However (and this may-be specific to milkfish) the password was also

    

always

 

being stored as text. After editing and removing the parameter that 
stored
the password as text in 'dbtextctl' authentication no longer works. 
This
IMHO is because the UA is sending the password as text which is then 
being

compared to the MD5 hash string, this test obviously fails.


One solution would be to receive the password as text, then 
construct the

MD5 hash string then compare, however I don't know how to do this.


I have looked through openser.cfg but I can't seem to make heads or 
tails
    

of

 

(particularly the www_authorize and challenge part):


if (method=="REGISTER")         {                             
                if (uri==myself)

                {

                        #wants to register only at router, no 
external SIP

provider                          #log(1, "internal REGISTER\n");
                        #make entry at local registrar
                if (!www_authorize("", "subscriber")) {
                        www_challenge("", "0");
                    exit;
                };                                   save("location");
                }

                else                    {       
                        #wants to register at external SIP provider 
                        #log(1, "external REGISTER\n");
                        #check if user is already registered at 
internal

registrar                         if (!lookup("location"))
                        {
                                #if not do a drive-by registration
                                #for registration at internal registrar

                                #without a reply 
                                save_noreply("location");       
                        };

                        #Fixing of private address in contact hf

                        fix_nated_contact("217.189.167.187"); 
                        route(1);

                };
                return;

                                     };  
If anyone could explain what is happening above, or how I could 
accomplish
what I need (in which username, password and realm are received and 
an MD5

hash string is constructed) I would be much appreciated.

Regards,
Istvan



      



  






_______________________________________________
Users mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/users














    











					Reply via email to