<div>Yes, realm is necessary, but it is quite "static" and possible to known it before hand<br></div><div>Using HA1 is very useful if you wish to prevent storing clear text password of your trunks in the box </div>
<div><br></div><div>Paulo</div><div><br></div><br><div class="gmail_quote">On Sat, Dec 18, 2010 at 10:09 AM, Steven Ayre <span dir="ltr"><<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Oh ok... yes the a1-hash is in the user directory for people<br>
authenticating to FS... not for FS registering outwards to gateways.<br>
<br>
I remember coming across this in the past and did take a quick look at<br>
how to implement it.<br>
<br>
The main issue I found was that A1 contains the realm, and the realm<br>
is provided by the gateway in the 407 response. You don't therefore<br>
know the realm needed at the time you generate the A1.<br>
<br>
Yes, it would be possible to do by finding the realm the gateway is<br>
using and generating the A1 from that, but if the gateway changes the<br>
realm the A1 will no longer be valid and FS will start failing to<br>
authenticate.<br>
<br>
-Steve<br>
<div><div class="h5"><br>
<br>
On 17 December 2010 21:47, Paulo Vicentini <<a href="mailto:vicentini.paulo@gmail.com">vicentini.paulo@gmail.com</a>> wrote:<br>
> Hi Steve<br>
> Yes, it is all about a1-hash<br>
> But I did not see support for storing HA1 for a gateway (UAC), even in<br>
> sofia-lib<br>
> So that both sofia-lib and freeswitch would need to be patched for that aim<br>
> Regards<br>
> Paulo<br>
><br>
> On Fri, Dec 17, 2010 at 7:29 PM, Steven Ayre <<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>> wrote:<br>
>><br>
>> If you're looking to store passwords encrypted, then that is already<br>
>> supported.<br>
>><br>
>> Search the Wiki for a1-hash.<br>
>><br>
>> -Steve<br>
>><br>
>><br>
>><br>
>> On 17 December 2010 21:20, Paulo Vicentini <<a href="mailto:vicentini.paulo@gmail.com">vicentini.paulo@gmail.com</a>><br>
>> wrote:<br>
>> > Hi,<br>
>> > I would like to override the scheme used for digest authorization<br>
>> > Actually it is using the scheme coming from sip_www_authenticate_t in<br>
>> > the<br>
>> > sofia_reg_handle_sip_r_challenge function, ignoring scheme set in xml<br>
>> > configuration<br>
>> ><br>
>> > I would like something like:<br>
>> > if(gateway->register_scheme)<br>
>> > scheme = gateway->register_scheme;<br>
>> > before nua_authenticate(...<br>
>> > I am patching sofia to accept HA1<br>
>> > Regards<br>
>> > Paulo<br>
>> ><br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > FreeSWITCH-dev mailing list<br>
>> > <a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.freeswitch.org</a><br>
>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev</a><br>
>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-dev</a><br>
>> > <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> ><br>
>> ><br>
>><br>
>> _______________________________________________<br>
>> FreeSWITCH-dev mailing list<br>
>> <a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.freeswitch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-dev</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
> _______________________________________________<br>
> FreeSWITCH-dev mailing list<br>
> <a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-dev</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
<br>
_______________________________________________<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-dev</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br>