Hey Karl,
It might be possible to use encrypted mysql passwords - someone else on the list seems to have mentioned that it might be possible, but I haven't used this before. Otherwise, use radius authentication and it's up to you how you get radius to store the passwords (which could be in a mysql database...) hope that helps slightly?!
Dave
________________________________
From: karl [mailto:ser_newbie@yahoo.com] Sent: 13 October 2004 16:28 To: Dave Bath; serusers@lists.iptel.org Subject: RE: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi Dave,
Thanks for your response. Does this mean that it is not possible to achieve this mysql authentication. I happen to be using mysql.
Thanks once again.
Karl
Dave Bath dave@fuuz.com wrote:
Karl,
You could try using radius authentication. Just google the archives for some docs on how to use it.
Dave
________________________________
From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of karl Sent: 12 October 2004 08:13 To: serusers@lists.iptel.org Subject: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
________________________________
Do you Yahoo!? vote.yahoo.com http://vote.yahoo.com/ - Register online to vote today!
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
________________________________
Do you Yahoo!? Yahoo! Mail Address AutoComplete http://us.rd.yahoo.com/mail_us/taglines/aac/*http:/promotions.yahoo.com /new_mail/static/ease.html - You start. We finish.
Hi Antonio,
Thanks for your feedback.
Actually, as you suggested I had already tried adding the following modparam statements in the ser.cfg file:
modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "password_column", "ha1")
.... and their effect is such that user authentication makes use of the hashed password in the "ha1" password column created during user creation using "serctl add" command.
On the other hand, what I am really after is that on user creation using serctl add command, the password column "password" is not left in plain text. Is this possible? or is it still required for SerWeb authentication?
One final thing, I have not added the following modparam statement:
modparam("auth_db", "user_column", "username")
.... it is so by default.
Thanks
Karl
Antonio Rabena antonio@lgatelecom.net wrote:You can use ha1.
modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "user_column", "username") modparam("auth_db", "password_column", "ha1")
Dave Bath wrote: v:* {behavior:url(#default#VML);}o:* {behavior:url(#default#VML);}w:* {behavior:url(#default#VML);}.shape {behavior:url(#default#VML);}st1:*{behavior:url(#default#ieooui) } Hey Karl,
It might be possible to use encrypted mysql passwords � someone else on the list seems to have mentioned that it might be possible, but I haven�t used this before. Otherwise, use radius authentication and it�s up to you how you get radius to store the passwords (which could be in a mysql database�) hope that helps slightly?!
Dave
---------------------------------
From: karl [mailto:ser_newbie@yahoo.com] Sent: 13 October 2004 16:28 To: Dave Bath; serusers@lists.iptel.org Subject: RE: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi Dave,
Thanks for your response. Does this mean that it is not possible to achieve this mysql authentication. I happen to be using mysql.
Thanks once again.
Karl
Dave Bath dave@fuuz.com wrote:
Karl,
You could try using radius authentication. Just google the archives for some docs on how to use it.
Dave
---------------------------------
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of karl Sent: 12 October 2004 08:13 To: serusers@lists.iptel.org Subject: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
--------------------------------- Do you Yahoo!? vote.yahoo.com - Register online to vote today!
Hi Dave,
Thanks for your feedback.
Actually, as suggested by Antonio from another mail, I have already tried adding the following modparam statements in the ser.cfg file:
modparam("auth_db", "calculate_ha1", 0) modparam("auth_db", "password_column", "ha1")
.... and their effect is such that user authentication makes use of the hashed password in the "ha1" password column created during user creation using "serctl add" command.
On the other hand, what I am really after is that on user creation using serctl add command, the password column "password" is not left in plain text. Is this possible? or is it still required for SerWeb authentication?
One final thing, I have not added the following modparam statement:
modparam("auth_db", "user_column", "username")
.... it is so by default.
Thanks
Karl
Dave Bath dave@fuuz.com wrote:v:* {behavior:url(#default#VML);}o:* {behavior:url(#default#VML);}w:* {behavior:url(#default#VML);}.shape {behavior:url(#default#VML);}st1:*{behavior:url(#default#ieooui) } Hey Karl,
It might be possible to use encrypted mysql passwords � someone else on the list seems to have mentioned that it might be possible, but I haven�t used this before. Otherwise, use radius authentication and it�s up to you how you get radius to store the passwords (which could be in a mysql database�) hope that helps slightly?!
Dave
---------------------------------
From: karl [mailto:ser_newbie@yahoo.com] Sent: 13 October 2004 16:28 To: Dave Bath; serusers@lists.iptel.org Subject: RE: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi Dave,
Thanks for your response. Does this mean that it is not possible to achieve this mysql authentication. I happen to be using mysql.
Thanks once again.
Karl
Dave Bath dave@fuuz.com wrote:
Karl,
You could try using radius authentication. Just google the archives for some docs on how to use it.
Dave
---------------------------------
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of karl Sent: 12 October 2004 08:13 To: serusers@lists.iptel.org Subject: [Serusers] Avoiding storing passwords in mysql "subscriber" tablein clear-text
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
---------------------------------
Do you Yahoo!? vote.yahoo.com - Register online to vote today!
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
---------------------------------
Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish.
--------------------------------- Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish.