[Freeswitch-users] a1-hash for reverse-auth-pass

Steven Ayre steveayre at gmail.com
Fri Feb 7 15:47:44 MSK 2014


Probably possible with a patch to sofia_reg.c lines 2414-2435, but it'll
only work if you know the Realm the phone sends in advance.

A1 hash can work easily inbound since the server sets the realm and so you
know it, but it'll be far more unpredictable with user endpoints. In
particular it'll work when they call from one phone and fail from others
when they don't use the same realm.

It'll also rely on the Sofia-SIP stack exposing the ability - looking at
the API I don't see an equivalent of NUTAG_AUTH that takes a hash.


On 6 February 2014 21:05, Yuriy Nasida <nasida at live.ru> wrote:

> Guys,
>
> I think you all know there is a perfect thing like a1-hash, which allows us
> not to keep passwords as plain text.
> But what about reverse-auth-pass?
> I really use this feature a lot. reverse-auth-pass should be equal to a
> user's password as far as I know.
> How can I avoid keeping reverse-auth-pass as plain text as well?
>
> Any thoughts?
> Thanks.
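
The realm dependence described in the reply above, as an added example that is not part of the original thread or of FreeSWITCH's code: a stored A1 hash answers a digest challenge only when the challenger uses the realm the hash was computed for. The user, password, realms and nonce are constructed, and the digest is the RFC 2617 form without qop.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def a1_hash(user: str, realm: str, password: str) -> str:
    # The A1 hash: MD5(user:realm:password). The realm is baked in.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def challenger_accepts(user, password, realm, nonce, method, uri, response) -> bool:
    # The challenging side picks the realm and checks against its own HA1.
    expected = digest_response(a1_hash(user, realm, password), nonce, method, uri)
    return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    user, password = "1001", "constructed-password"
    method, uri, nonce = "INVITE", "sip:1001@192.0.2.10", "constructed-nonce-0001"
    server_realm = "pbx.example.com"  # realm the server sets for inbound auth
    phone_realm = "192.0.2.10"        # realm a phone might send in its own challenge

    # Only the hash is kept, computed for the realm the server controls.
    stored_ha1 = a1_hash(user, server_realm, password)

    results = {}
    for label, realm in (("same_realm", server_realm), ("other_realm", phone_realm)):
        # Answer built from the stored hash versus one built from the plaintext.
        from_hash = digest_response(stored_ha1, nonce, method, uri)
        from_plain = digest_response(a1_hash(user, realm, password), nonce, method, uri)
        results[label] = {
            "stored_hash_ok": challenger_accepts(
                user, password, realm, nonce, method, uri, from_hash),
            "plaintext_ok": challenger_accepts(
                user, password, realm, nonce, method, uri, from_plain),
        }
    return results

if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```
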