[Freeswitch-dev] overriding authentication scheme on mod_sofia
Paulo Vicentini
vicentini.paulo at gmail.com
Sat Dec 18 17:35:41 MSK 2010
Yes, realm is necessary, but it is quite "static" and possible to known it
before hand
Using HA1 is very useful if you wish to prevent storing clear text password
of your trunks in the box
Paulo
On Sat, Dec 18, 2010 at 10:09 AM, Steven Ayre <steveayre at gmail.com> wrote:
> Oh ok... yes the a1-hash is in the user directory for people
> authenticating to FS... not for FS registering outwards to gateways.
>
> I remember coming across this in the past and did take a quick look at
> how to implement it.
>
> The main issue I found was that A1 contains the realm, and the realm
> is provided by the gateway in the 407 response. You don't therefore
> know the realm needed at the time you generate the A1.
>
> Yes, it would be possible to do by finding the realm the gateway is
> using and generating the A1 from that, but if the gateway changes the
> realm the A1 will no longer be valid and FS will start failing to
> authenticate.
>
> -Steve
>
>
> On 17 December 2010 21:47, Paulo Vicentini <vicentini.paulo at gmail.com>
> wrote:
> > Hi Steve
> > Yes, it is all about a1-hash
> > But I did not see support for storing HA1 for a gateway (UAC), even in
> > sofia-lib
> > So that both sofia-lib and freeswitch would need to be patched for that
> aim
> > Regards
> > Paulo
> >
> > On Fri, Dec 17, 2010 at 7:29 PM, Steven Ayre <steveayre at gmail.com>
> wrote:
> >>
> >> If you're looking to store passwords encrypted, then that is already
> >> supported.
> >>
> >> Search the Wiki for a1-hash.
> >>
> >> -Steve
> >>
> >>
> >>
> >> On 17 December 2010 21:20, Paulo Vicentini <vicentini.paulo at gmail.com>
> >> wrote:
> >> > Hi,
> >> > I would like to override the scheme used for digest authorization
> >> > Actually it is using the scheme coming from sip_www_authenticate_t in
> >> > the
> >> > sofia_reg_handle_sip_r_challenge function, ignoring scheme set in xml
> >> > configuration
> >> >
> >> > I would like something like:
> >> > if(gateway->register_scheme)
> >> > scheme = gateway->register_scheme;
> >> > before nua_authenticate(...
> >> > I am patching sofia to accept HA1
> >> > Regards
> >> > Paulo
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > FreeSWITCH-dev mailing list
> >> > FreeSWITCH-dev at lists.freeswitch.org
> >> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> >> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-dev
> >> > http://www.freeswitch.org
> >> >
> >> >
> >>
> >> _______________________________________________
> >> FreeSWITCH-dev mailing list
> >> FreeSWITCH-dev at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> >> http://www.freeswitch.org
> >
> >
> > _______________________________________________
> > FreeSWITCH-dev mailing list
> > FreeSWITCH-dev at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> > http://www.freeswitch.org
> >
> >
>
> _______________________________________________
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20101218/52ef2acd/attachment.html
More information about the FreeSWITCH-dev
mailing list