22 Apr
2014
22 Apr
'14
7:03 p.m.
Hello,
the constraint to have access to text password or HA1 format (md5 over
username, password, realm) comes from WWW Authentication mechanism which
is used by SIP.
Writing something different in kamailio would be possible (it is open
source), but you don't have phones able to do it and provide the
adequate details.
The only alternative now is using tls/ssl client certificates that
attest who is the user/phone.
Cheers,
Daniel
On 21/04/14 13:56, Yoann Gini wrote:
Hello,
My users are managed on a common LDAP / Kerberos setup. I don’t have
access in any ways to the user password in clear text mode.
I’ve start to follow this tutorial
http://www.kamailio.org/wiki/tutorials/mini-howto-admin/ldap-user-auth and
check this documenation
http://kamailio.org/docs/modules/4.1.x/modules/ldap.html
But it seems LDAP module provided in Kamailio don’t handle this
scenario, it except to have user password in clear text mode in the
LDAP database (wrong in so many ways…).
Do we have a way with existing Kamailio plugin to use a authentication
backend who don’t provide access to clear text password?
I provide different authentication « adapter » who can help any
service not compatible with Kerberos to handle authentication:
- ldap bind
- sasl
- pam
Do we’ve a way to use one of this backend as an authentication service
(and not just a users database).
Best regards,
Yoann
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda