That's awesome! I should have noticed those 32-character strings in the parameters passed to the script. Thanks!<div><br></div><div>It's a little off-topic, but I'm glad to see someone using digest authentication. It's too bad that it was un-supported by browsers for so long, that no one touched it for web apps. The choice is either use basic authentication, which is plaintext, or switch to https. With https, not everyone realizes that the web server, and any apps, can see the password in plain text.</div>
<div><br></div><div>Mike van Lammeren<br><div><br><br><div class="gmail_quote">On Thu, Jan 14, 2010 at 11:00 AM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word">We don't have the password so we can't pass it to you please read: <a href="http://en.wikipedia.org/wiki/Digest_access_authentication" target="_blank">http://en.wikipedia.org/wiki/Digest_access_authentication</a><div>
<br></div><div>Its how the authentication is done and we are never given the text of the password you are however given the details so you can calculate the response and verify it without having to know the password.</div>
<div><br></div><font color="#888888"><div>/b</div></font><div><div></div><div class="h5"><div><br><div><div>On Jan 14, 2010, at 9:44 AM, Mike van Lammeren wrote:</div><br><blockquote type="cite"><span style="border-collapse:separate;font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Hello!<div>
<br></div><div>I have written a Lua script to connect to a database and provide directory information for phones registering with FreeSWITCH.</div><div><br></div><div>My problem is that I store an MD5 hash of the passwords in the database, so I wish there was a way to get FreeSWITCH to authenticate using the MD5 hash of the password provided by the phone, and not the password itself.</div>
<div><br></div><div>According to the<span> </span><a href="http://wiki.freeswitch.org/wiki/XML_User_Directory_Guide" target="_blank">wiki</a>, it is possible to pass in a parameter called<span> </span><i>a1-hash</i><span> </span>instead of the username and password. The a1-hash parameter is an MD5 hash of a string comprising the username, domain and password, separated by colons. Unfortunately, I can't generate that string, since I don't have the raw password, just the MD5 hash.</div>
<div><br></div><div>I would have my Lua script do the authentication, but cannot because FreeSWITCH doesn't pass the user's password to the script.</div><div><br></div><div>The best solution I can think of is to enter the MD5 hash of the password in the phone.</div>
<div><br></div><div>Does anyone have a better idea?</div><div><br></div><div><br></div><div>Mike van Lammeren</div></span></blockquote></div><br></div></div></div></div><br>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>