[Asterisk-Users] no plain text passwords in iax.conf

Adam Hart adam at teragen.com.au
Mon Nov 29 17:35:50 MST 2004


Bastian Schern wrote:

> Adam Hart schrieb:
> 
>> Bastian Schern wrote:
>>
>>> Hello Asterisk friends,
>>>
>>> is it possible to avoid plain text passwords in the iax.conf or the 
>>> iaxfriends MySQL database table?
>>>
>>
>> Asterisk needs the plain text password to authenicate. You could wrap 
>> a base64 decode when reading the passwords, but this is obsecurity, 
>> yet simple to implement & should prevent the casual browser. I guess a 
>> more secure method would public key crypto and give asterisk the key 
>> at runtime (obviously not 100% secure either)
> 
> 
> I found out that MySQL offers some methods to store strong passwords: 
> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
> 
> But how I use this with Asterisk?
> 

That's using private key crypto, when you store the password you do 
aes_encode(password,"somekey") then when asterisk reads it, do a 
aes_decode(password,"somekey") - modify chan_iax2 when you do the select 
  - change the SQL statement: the column 'secret' to 
'aes_decode(secret,"somekey") as real_secret' then below change secret 
to real_secret.

good luck,

Adam



More information about the asterisk-users mailing list