[asterisk-users] Asterisk authentication on LDAP (SSHA and SHA passwords)
Andrew Latham
lathama at gmail.com
Sun Mar 10 12:04:46 CDT 2013
On Sun, Mar 10, 2013 at 11:37 AM, Paulo Victor Fernandes da Silva
<paulovictorsilva at gmail.com> wrote:
> Hello guys,
>
> I'm working at a federal university in Brazil. We already have an OpenLDAP
> with all users, and this base is used to authenticate several services like
> email, VPN, wireless (RADIUS), and we also have Shibboleth providing SSO.
>
> During my studies of Asterisk, I have seen a lot of people talking about the
> incapacity of Asterisk (more precisely because of SIP) to authenticate
> against an LDAP that uses passwords encrypted with anything other than MD5.
>
> I would like to know if there is any way to use Asterisk + LDAP (using SSHA
> and SHA passwords). Can it be achieved somehow?
>
> PS: Sorry for my bad English.
>
> Best Regards,
> Paulo V.
Paulo
I was looking at that code a month or so ago. It should be possible
to update res_config_ldap.c to use SHA instead of MD5 when talking to
the OpenLDAP server. It is also possible, and a good idea, to
maintain a separate password/secret object (MD5/SHA) for Asterisk/PBX
to mitigate any toll fraud. Keep in mind that the password could be
deployed over HTTPS configuration and be a combination of account info
(typically MAC address of UA). Mass deployment is key in such an
infrastructure. Also take the time to catalog the user
devices/software devices that support SHA for direct LDAP directory
lookup.
--
~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~