The best solution would be to have the LDAP server do the authentication
for you. You just get the digest credentials from the message, send them
to the LDAP server and the LDAP server will tell you if the user is
authenticated or not. That's how RADIUS authentication works in SER, for
example.
The question is if there is any LDAP implementation that can do this (I
am not aware of any such).
Alternatively, you can store HA1 in the LDAP server, fetch the string
from the LDAP server and do the authentication in SER. Note that the HA1
string is not stronger than a plaintext password.
Jan.
On 22-02 00:28, GUSTAVO GARCIA BERNARDO wrote:
Hi,
I'm trying to develop a solution for LDAP authentication in SER, but I have a
question. With digest HTTP authentication (RFC 2617) the SIP server doesn't have the
plain password, it has a hash of user:realm:password (H(A1)). How could a SIP server
authenticate the users using a standard LDAP database with this information?
Does anybody know a solution for this?
My ideas are to use HTTP basic authentication (not standard with SIP) or store H(A1) in
LDAP (not standard in LDAP, you need to modify the stored information). I think both are
bad solutions.
Thank you very much.
G.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers