[asterisk-dev] SIP authentication with SHA
Michael Prochaska
tm021090 at fh-stpoelten.ac.at
Thu Feb 9 23:27:45 MST 2006
hi everybody!
i've played with the LDAP realtime driver the last weeks and the outcome
of this is this question/discussion.
no idea how the driver works i've tried to authenticate against a
existing ldap with SHA passwords (a extended samba schema).
and it has worked! :-)
now i know that i can only register because the hashes doesn't start
with {md5} and so the driver works like there is no password attribute.
(i can register with a wrong password too if i try to authenticate
against SHA passwds).
ok, md5 isn't state of the art anymore. what changes are necessary to
implement SHA authentication and what are the problems?
how could a authentication against a existing ldap be achieved?
there are the following facts:
+) with http digest (md5) authentication asterisk has no chance to
authenticate against SHA
+) asterisk hash => <user>:<realm>:<secret> vs hash of "secret only"
+) i guess that most UA's do not support SHA-1 at the moment (but thats
a fact we can't influence)
what has to be done:
+) http digest authentication with SHA
+) find a solution for the "hash-problem"
any other ideas?
best regards,
michael
More information about the asterisk-dev
mailing list