[Asterisk-Users] no plain text passwords in iax.conf

Bastian Schern ml01 at in-bln.de
Mon Nov 29 18:24:30 MST 2004


Adam Hart schrieb:
> Bastian Schern wrote:
> 
>> Adam Hart schrieb:
>>
>>> Bastian Schern wrote:
>>>
>>>> Hello Asterisk friends,
>>>>
>>>> is it possible to avoid plain text passwords in the iax.conf or the 
>>>> iaxfriends MySQL database table?
>>>>
>>>
>>> Asterisk needs the plain text password to authenicate. You could wrap 
>>> a base64 decode when reading the passwords, but this is obsecurity, 
>>> yet simple to implement & should prevent the casual browser. I guess 
>>> a more secure method would public key crypto and give asterisk the 
>>> key at runtime (obviously not 100% secure either)
>>
>>
>>
>> I found out that MySQL offers some methods to store strong passwords: 
>> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
>>
>> But how I use this with Asterisk?
>>
> 
> That's using private key crypto, when you store the password you do 
> aes_encode(password,"somekey") then when asterisk reads it, do a 
> aes_decode(password,"somekey") - modify chan_iax2 when you do the select 
>  - change the SQL statement: the column 'secret' to 
> 'aes_decode(secret,"somekey") as real_secret' then below change secret 
> to real_secret.
> 

What is about the field md5secret similar to sip.conf?
Is that not a solution for iax.conf?

	Bastian



More information about the asterisk-users mailing list