[Asterisk-Users] no plain text passwords in iax.conf

Karl Brose khb at brose.com
Mon Nov 29 19:22:42 MST 2004


Interesting question and important as passwords are scattered around 
everywhere  in Asterisk.
A central user credentials database is needed, so that a user can 
connect any which way (SIP,
H323,IAX, MGCP,etc) and use the same set of credentials.
I have a prototype implementation coded for SIP, but it will take more 
time (unless there is
some real $$$ incentive, any commercial providers willing to do 
something here?).
In addition to central management, these credentials must not get copied 
around in memory
as they are currently, there are some real infrastructure changes needed 
in the channels, which
would enhance security as well as performance.
Other than that, one could probably encrypt/decrypt passwords when 
needed, particularly when
they come out of a database, most of these solutions are probably more 
or less hacks.


Bastian Schern wrote:

> Hello Asterisk friends,
>
> is it possible to avoid plain text passwords in the iax.conf or the 
> iaxfriends MySQL database table?
>
> Regards
>     Bastian
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>




More information about the asterisk-users mailing list