[Asterisk-Users] no plain text passwords in iax.conf
Bastian Schern
ml01 at in-bln.de
Mon Nov 29 18:24:30 MST 2004
Adam Hart schrieb:
> Bastian Schern wrote:
>
>> Adam Hart schrieb:
>>
>>> Bastian Schern wrote:
>>>
>>>> Hello Asterisk friends,
>>>>
>>>> is it possible to avoid plain text passwords in the iax.conf or the
>>>> iaxfriends MySQL database table?
>>>>
>>>
>>> Asterisk needs the plain text password to authenicate. You could wrap
>>> a base64 decode when reading the passwords, but this is obsecurity,
>>> yet simple to implement & should prevent the casual browser. I guess
>>> a more secure method would public key crypto and give asterisk the
>>> key at runtime (obviously not 100% secure either)
>>
>>
>>
>> I found out that MySQL offers some methods to store strong passwords:
>> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
>>
>> But how I use this with Asterisk?
>>
>
> That's using private key crypto, when you store the password you do
> aes_encode(password,"somekey") then when asterisk reads it, do a
> aes_decode(password,"somekey") - modify chan_iax2 when you do the select
> - change the SQL statement: the column 'secret' to
> 'aes_decode(secret,"somekey") as real_secret' then below change secret
> to real_secret.
>
What is about the field md5secret similar to sip.conf?
Is that not a solution for iax.conf?
Bastian
More information about the asterisk-users
mailing list