>> I'm trying to develop a solution for LDAP authentication in SER, but I have
>> a question. With digest HTTP authentication (RFC 2617) the SIP server
>> doesn't have the plain password, it has a hash of user:realm:password
>> (H(A1)). How could a SIP server authenticate the users using a standard
>
> How did you come to this conclusion? E.g. by default SER stores the plain text
> password and H(A1) in its database.

I wanted to say that the UA doesn't send the plain password, only a password digest.

>> LDAP database with this information?
>> Does somebody know a solution for this?
>> My ideas are to use HTTP basic authentication (not standard with SIP) or
>
> Basic authentication is absolutely insecure! And basic authentication is not
> allowed according to RFC3261. You will (hopefully) not find any SIP UA which
> supports basic authentication.

I think so, too.

>> store H(A1) in LDAP (not standard in LDAP, you need to modify the stored
>> information). I think both are bad solutions.
>
> Store the plain text password or H(A1) in LDAP, whatever you prefer. It is
> easy to generate H(A1) from a given plain text password.

But I want to authenticate with an external LDAP, and usually (my case too) you can't obtain plain
passwords and you can't store new information (H(A1)) for the SIP service.

Thx.
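
The digest check discussed in this thread, as an added example that is not part of the original messages and is not SER's code: it derives H(A1) from a password as in RFC 2617 and verifies a client response from the stored H(A1) alone. The function names, user, realm, password and nonce are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def h_a1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(username:realm:password), the value a server can store."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """Request-digest per RFC 2617 section 3.2.2.1 (MD5, qop 'auth' or absent)."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")  # form used when no qop is sent


def server_verify(stored_ha1, method, uri, nonce, response, **qop_fields):
    """Server side: recompute from the stored H(A1); no plain password needed."""
    expected = digest_response(stored_ha1, method, uri, nonce, **qop_fields)
    return hmac.compare_digest(expected, response.lower())


def demo():
    # Constructed sample values (not from the thread).
    user, realm, password = "alice", "sip.example.org", "s3cret"
    method, uri, nonce = "REGISTER", "sip:sip.example.org", "5f2a9c01d4e7"
    stored = h_a1(user, realm, password)  # what the credential store holds
    # The UA only ever sends this digest, never the password itself.
    sent = digest_response(h_a1(user, realm, password), method, uri, nonce)
    good = server_verify(stored, method, uri, nonce, sent)
    wrong = digest_response(h_a1(user, realm, "guess"), method, uri, nonce)
    bad = server_verify(stored, method, uri, nonce, wrong)
    # A directory that only offers a bind, or holds only a salted hash in an
    # unrelated format, gives the server neither the password nor H(A1), so
    # `expected` cannot be computed from it.
    return good, bad


if __name__ == "__main__":
    print(demo())
```
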