6 Jun
2013
6 Jun
'13
5:35 p.m.
Hello,
On 6/6/13 11:05 AM, Daniel Pocock wrote:
I was just looking over:
http://kb.asipto.com/asterisk:realtime:kamailio-3.3.x-asterisk-10.7.0-astdb
A couple of things I noticed:
- Kamailio is using a column sippasswd which is not hashed. Asterisk
doesn't use that column at all. Is there any reason this can't be done
with the H(A1) and H(A1b) columns? The INSERT example shows a
non-encrypted password.
you can store hashed value there. In Kamailio is just a matter of config
parameter/function parameter to say the loaded value is either plain
text or ha1.
- Is it all considered valid for Kamailio 4 and Asterisk 11? (maybe a
disclaimer could be added at the top)
There is another one for K4.0 and A11:
-
http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
Not many changes and apparently there are newer updates in asterisk
database structure on latest RC of 11.3.x.
- The Asterisk columns `md5secret' and `secret' are left empty so that
Asterisk won't challenge. I believe there are other ways of doing this:
for example, telling Kamailio to be the registrar and forcing Asterisk
to use outbound proxy mode. I managed to make this work against repro -
Asterisk no longer receives any REGISTER messages, but all INVITEs go
through Asterisk, so the double-challenge problem only arises for
INVITEs. Maybe Asterisk can be told that Kamailio's source IP:port is
`trusted' and doesn't need to be challenged - is anybody aware of such
an option in Asterisk?
There are various ways of doing it, this particular one
tried to be at
least intrusive as possible in asterisk, not to require changing a
deployed asterisk configuration.
For a new deployment, other approach is more recommended, using kamailio
as outbound proxy.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* http://asipto.com/u/katu *