[Freeswitch-dev] overriding authentication scheme on mod_sofia

Steven Ayre steveayre at gmail.com
Sat Dec 18 15:09:38 MSK 2010 

Oh ok... yes the a1-hash is in the user directory for people
authenticating to FS... not for FS registering outwards to gateways.

I remember coming across this in the past and did take a quick look at
how to implement it.

The main issue I found was that A1 contains the realm, and the realm
is provided by the gateway in the 407 response. You don't therefore
know the realm needed at the time you generate the A1.

Yes, it would be possible to do by finding the realm the gateway is
using and generating the A1 from that, but if the gateway changes the
realm the A1 will no longer be valid and FS will start failing to
authenticate.

-Steve


On 17 December 2010 21:47, Paulo Vicentini <vicentini.paulo at gmail.com> wrote:
> Hi Steve
> Yes, it is all about a1-hash
> But I did not see support for storing HA1 for a gateway (UAC), even in
> sofia-lib
> So that both sofia-lib and freeswitch would need to be patched for that aim
> Regards
> Paulo
>
> On Fri, Dec 17, 2010 at 7:29 PM, Steven Ayre <steveayre at gmail.com> wrote:
>>
>> If you're looking to store passwords encrypted, then that is already
>> supported.
>>
>> Search the Wiki for a1-hash.
>>
>> -Steve
>>
>>
>>
>> On 17 December 2010 21:20, Paulo Vicentini <vicentini.paulo at gmail.com>
>> wrote:
>> > Hi,
>> > I would like to override the scheme used for digest authorization
>> > Actually it is using the scheme coming from sip_www_authenticate_t in
>> > the
>> > sofia_reg_handle_sip_r_challenge function,  ignoring scheme set in xml
>> > configuration
>> >
>> > I would like something like:
>> > if(gateway->register_scheme)
>> >     scheme = gateway->register_scheme;
>> > before nua_authenticate(...
>> > I am patching sofia to accept HA1
>> > Regards
>> > Paulo
>> >
>> >
>> >
>> > _______________________________________________
>> > FreeSWITCH-dev mailing list
>> > FreeSWITCH-dev at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>> > http://www.freeswitch.org
>> >
>> >
>>
>> _______________________________________________
>> FreeSWITCH-dev mailing list
>> FreeSWITCH-dev at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>> http://www.freeswitch.org
>
>
> _______________________________________________
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> http://www.freeswitch.org
>
>

More information about the FreeSWITCH-dev mailing list