Hi Antonio,
Following our previous communication re the above subject, I have recently found the time
to understand and try out your interesting suggested solution as per email below.
Actually, the solution regarding "ser" worked perfectly well.
However, I am still stuck in the serweb part, in a sense that a user whose password is no
longer saved in clear text is then unable to log into serweb. It appears as if serweb
requires use of clear-text passwords for authentication.
I am currently using CVS Ser 99, and have noted that your reference to the last part of the
config.php change the line, namely "$this->clear_text_pw=1;" instead reads
$config->clear_text_pw=1;
Thank you in advance for any further help, while wishing you and all SER users a Happy
New Year.
-----Original Message-----
From: Antonio Rabena [mailto:antonio@lgatelecom.net]
Sent: 18 October 2004 10:12
To: karl
Subject: Re: [Serusers] Avoiding storing passwords in mysql "subscriber" table
in clear-text
You can modify the serctl to store empty value on the password column in mysql subscriber
table.
e.g.
QUERY="update $TABLE \
set $HA1_COLUMN='$HA1', $HA1B_COLUMN='$HA1B',
$PASSWORD_COLUMN='' \
, $SUB_MODIFIED_COLUMN=now() \
WHERE $SUBSCRIBER_COLUMN='$1' and
$REALM_COLUMN='$SIP_DOMAIN';"
and
QUERY="insert into $TABLE \
($SUBSCRIBER_COLUMN,$REALM_COLUMN,$HA1_COLUMN,\
$HA1B_COLUMN,$PASSWORD_COLUMN,$EMAIL_COLUMN, $SUB_CREATED_COLUMN, \
$PHP_LIB_COLUMN ) \
values
('$1','$SIP_DOMAIN','$HA1','$HA1B','',
'$3', now(), '$HA1' );";
for the serweb..
on the last part of the config.php change the line from
$this->clear_text_pw=1;
to
$this->clear_text_pw=0;
Regards,
Antonio
karl wrote:
Thanks Jan for your feedback.
I may confirm that serctl is generating the following values:
i) Plain text in the "password" column.
ii) Encrypted text in the "ha1" column.
iii) Encrypted text in the "ha1b" column.
However, I refer back to my original objective, namely that while I still require users to
be authenticated against user credentials (username, password, realm), on the other hand I
want to avoid storing passwords in clear text in mysql "subscriber" table, when
creating new user accounts using the serctl add command.
Thanks
Karl
Jan Janak <jan(a)iptel.org> wrote:
Make sure that you have proper values in ha1 column (generated
automatically by serctl, if not then you can use gen_ha1 utility to
generate the hashes from plaintext password) and set:
modparam("auth_db", "calculate_ha1", no)
modparam("auth_db", "password_column", "ha1")
Jan.
On 12-10 00:12, karl wrote:
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to
be authenticated against user credentials (username, password, realm), on the other hand I
want to avoid storing passwords in clear text in mysql "subscriber" table. Any
ideas?
Thank you in advance.
Best regards,
Karl