Re: [SR-Users] Meddling with password during authentication

I am not sure if i understand your question correctly, but if you want to use any authentication source or encryption algorithm (for back-end storage, e.g. for compliance with PCI DSS v2.0 and above) other then standard db and ha1 hash then you may consider using pv_auth_check, http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.f.pv_auth_che… just query whatever subscriber back-end you have, fetch the password (decrypt according to your architecture requirements) and supply it to this method through AVP. I recommend never to use plain text passwords, even in this scenario (you should make ha1 hash before encrypting it specific to your back-end requirements, so that when kamailio script decrypts it at run time, it would get ha1 hash, rather then plaintext, thus keep it somewhat safe even against memory exploits from remote hackers). Regarding the digest response hash sent by client, no it is not possible to decrypt it (at least under normal circumstance). You may find ways to modify the response hash, but it would be most likely pointless (since you do not know what was actually entered by the user as password). Thank you. On Fri, Dec 26, 2014 at 7:33 PM, Olli Heiskanen < ohjelmistoarkkitehti(a)gmail.com&gt; wrote: