>> I'm trying to develop a solution for LDAP authentication in SER, but I have
>> a question. With digest HTTP authentication (RFC 2617) the SIP server
>> doesn't have the plain password, it has a hash of user:realm:password
>> (H(A1)). How could a SIP server authenticate the users using a standard

> How did you come to this conclusion? E.g. by default SER stores the plain text password and H(A1) in its database.

I wanted to say that the UA doesn't send the plain password, only a password digest.

>> LDAP database with this information?
>> Does somebody know a solution for this?
>> My ideas are to use HTTP basic authentication (not standard with SIP) or

> Basic authentication is absolutely insecure! And basic authentication is not allowed according to RFC3261. You will (hopefully) not find any SIP UA which supports basic authentication.

I think so, too.

>> store H(A1) in LDAP (not standard in LDAP, you need to modify the stored
>> information). I think both are bad solutions.

> Store the plain text password or H(A1) in LDAP, whatever you prefer. It is easy to generate H(A1) from a given plain text password.

But I want to authenticate with an external LDAP, and usually (my case too) you can't obtain plain passwords and you can't store new information (H(A1)) for the SIP service.
Thx.
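
The digest check discussed in this thread, as an added Python example that is not part of the original messages and is not SER's code: it derives H(A1) from a plain text password and then verifies a UA's digest response using only the stored H(A1). The function names are assumptions made for illustration; the sample credentials are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username: str, realm: str, password: str) -> str:
    """H(A1) as defined in RFC 2617: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """Digest response the server expects, computed from stored H(A1) only."""
    ha2 = md5_hex(f"{method}:{uri}")  # H(A2) when qop is absent or "auth"
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop == "auth":
        if not nc or not cnonce:
            raise ValueError("qop=auth requires nc and cnonce")
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    raise ValueError(f"unsupported qop: {qop!r}")


def verify(ha1, method, creds):
    """Check the UA's response against the stored H(A1); no plaintext needed."""
    want = expected_response(ha1, method, creds["uri"], creds["nonce"],
                             creds.get("qop"), creds.get("nc"), creds.get("cnonce"))
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(want, creds["response"].lower())


# Sample values from the worked example in RFC 2617 section 3.5.
RFC2617_CREDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    stored = compute_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    print("H(A1) stored server-side:", stored)
    print("response accepted:", verify(stored, "GET", RFC2617_CREDS))
```

The server side never needs the plain text password once H(A1) is stored, but it does need either the plain text or H(A1) for the exact username and realm; a directory that exposes neither cannot feed this check.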