[asterisk-dev] Plaintext auth support in IAX2
tilghman at meg.abyt.es
Mon Nov 4 11:55:21 CST 2013
On Mon, Nov 4, 2013 at 11:10 AM, Matthew Jordan <mjordan at digium.com> wrote:
> On Mon, Nov 4, 2013 at 2:21 AM, Eugene Varnavsky <varnavruz at gmail.com>
>> I propose a number of solutions, from more to less radical. Choose one:
>> 1. Remove plaintext auth support completely (patch does this)
>> 2. Accept, but never send plaintext passwords
>> 3. Accept and send plaintext passwords, but never use plaintext auth by
>> default (current defaults are MD5 first, plaintext second)
>> 4. Declare plaintext auth deprecated, add warnings to logs and
>> I will make a patch for any of these variants, based on what community
> Here's what I'd recommend:
> In Asterisk 12, patch chan_iax2 to emit a WARNING if auth=plaintext is used.
> That WARNING should tell a user that the option is deprecated.
> Additionally, add a note in UPGRADE that the plaintext option has been
> In trunk (Asterisk 13), remove support for "plaintext". This means:
> If a user specified "plaintext", emit an ERROR and reject loading chan_iax2.
> Users should not be allowed to load the channel driver with an invalid
> configuration, and you don't want to "help them" with their authentication
> Remove support for plaintext authentication in the code.
> Add a note in UPGRADE that support for plaintext has been removed.
> Matthew Jordan
> Digium, Inc. | Engineering Manager
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at: http://digium.com & http://asterisk.org
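The two-stage plan discussed in the thread (warn while the option is deprecated, then refuse to load) can be rehearsed against an existing configuration before upgrading. The following is an added example, not part of the original messages and not chan_iax2 code: `audit_iax_auth`, `load_decision` and the sample configuration are hypothetical names and constructed data, and the parser assumes only the usual Asterisk config syntax (`[section]` headers, `;` comments, `key=value` or `key => value`).

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]")

# Constructed sample iax.conf (not from the thread); secrets are placeholders.
SAMPLE_IAX_CONF = """\
[general]
bindport=4569

[trunk-a]
type=friend
auth=md5
secret=example-secret

[trunk-b]
type=friend
auth=plaintext,md5   ; legacy peer
secret=example-secret

[trunk-c]
type=friend
;auth=plaintext
auth => rsa
"""

def audit_iax_auth(text):
    """Return (section, line number, methods) for each auth= line listing plaintext."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if m := SECTION.match(line):
            section = m.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "auth":
            continue
        # Accept both "auth=md5" and "auth => md5"; the value is a comma list.
        methods = [v.strip().lower() for v in value.lstrip(">").split(",") if v.strip()]
        if "plaintext" in methods:
            findings.append((section, lineno, methods))
    return findings

def load_decision(text, remove_support=False):
    """Hypothetical helper: warn (Asterisk 12 stage) or refuse to load (trunk stage)."""
    findings = audit_iax_auth(text)
    level = "ERROR" if remove_support else "WARNING"
    messages = [f"{level}: [{s}] line {n}: auth lists plaintext" for s, n, _ in findings]
    return not (remove_support and findings), messages
```

Only explicit `auth=` lines are flagged; sections that omit the option fall back to the defaults, which the thread describes as MD5 first, plaintext second.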