[asterisk-dev] SIP authentication with SHA

Michael Prochaska tm021090 at fh-stpoelten.ac.at
Thu Feb 9 23:27:45 MST 2006

hi everybody!

i've played with the LDAP realtime driver the last weeks and the outcome 
of this is this question/discussion.

no idea how the driver works i've tried to authenticate against a 
existing ldap with SHA passwords (a extended samba schema).

and it has worked! :-)

now i know that i can only register because the hashes doesn't start 
with {md5} and so the driver works like there is no password attribute. 
(i can register with a wrong password too if i try to authenticate 
against  SHA passwds).

ok, md5 isn't state of the art anymore. what changes are necessary to 
implement SHA authentication and what are the problems?
how could a authentication against a existing ldap be achieved?

there are the following facts:
+) with http digest (md5) authentication asterisk has no chance to 
authenticate against SHA
+) asterisk hash => <user>:<realm>:<secret> vs hash of "secret only"
+) i guess that most UA's do not support SHA-1 at the moment (but thats 
a fact we can't influence)

what has to be done:
+) http digest authentication with SHA
+) find a solution for the "hash-problem"

any other ideas?

best regards,

More information about the asterisk-dev mailing list