[Freeswitch-users] Question about a1-hash
Brian West
brian at freeswitch.org
Thu Jan 14 08:00:00 PST 2010
We don't have the password so we can't pass it to you please read: http://en.wikipedia.org/wiki/Digest_access_authentication
Its how the authentication is done and we are never given the text of the password you are however given the details so you can calculate the response and verify it without having to know the password.
/b
On Jan 14, 2010, at 9:44 AM, Mike van Lammeren wrote:
> Hello!
>
> I have written a Lua script to connect to a database and provide directory information for phones registering with FreeSWITCH.
>
> My problem is that I store an MD5 hash of the passwords in the database, so I wish there was a way to get FreeSWITCH to authenticate using the MD5 hash of the password provided by the phone, and not the password itself.
>
> According to the wiki, it is possible to pass in a parameter called a1-hash instead of the username and password. The a1-hash parameter is an MD5 hash of a string comprising the username, domain and password, separated by colons. Unfortunately, I can't generate that string, since I don't have the raw password, just the MD5 hash.
>
> I would have my Lua script do the authentication, but cannot because FreeSWITCH doesn't pass the user's password to the script.
>
> The best solution I can think of is to enter the MD5 hash of the password in the phone.
>
> Does anyone have a better idea?
>
>
> Mike van Lammeren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100114/2b70e461/attachment-0002.html
More information about the FreeSWITCH-users
mailing list