[asterisk-users] Realtime + SIP + MySQL: md5secret BROKEN
Torbjörn Abrahamsson
torbjorn.abrahamsson at gmail.com
Tue Jul 29 16:29:15 CDT 2008
>
> mysql> alter table sip_buddies drop md5secret;
> Query OK, 1 row affected (0.00 sec)
> Records: 1 Duplicates: 0 Warnings: 0
>
> Suddenly, authentication works!
>
> The md5secret used was the md5 of 'qwedsa', and the value was correct.
>
> mysql> select md5('qwedsa');
> +----------------------------------+
> | md5('qwedsa') |
> +----------------------------------+
> | 4d27b7677bd96f7ba00c4bd0541c9588 |
> +----------------------------------+
> 1 row in set (0.00 sec)
>
Walter,
Not sure, but the above might be your problem.
The md5secret is NOT a MD5 sum of the secret, but of the combination
"username:realm:secret". So in your case you should add this md5secret:
mysql> select md5('walter:asterisk:qwedsa');
+----------------------------------+
| md5('walter:asterisk:qwedsa') |
+----------------------------------+
| 577061918968e961153393ef87b43e4b |
+----------------------------------+
This would explain why the tests with cleartext secrets work, and not the
ones with the md5secret. Not sure if you tried md5secrets with a static
sip.conf user definition, but the result should be a credential failure in
that case as well.
Best regards,
Torbjörn
More information about the asterisk-users
mailing list