10 Apr
2015
10 Apr
'15
10:23 a.m.
Hello,
I'd like to authenticate Kamailio users in LDAP. But it looks like
Kamailio need to download password from LDAP and authenticate
user on it's own. Is there any possibility to send password to LDAP
and let LDAP to say, if the user can be sign in?
Thanks
Marek Moravčík
11 Apr
11 Apr
11:40 a.m.
On 10 Apr 2015, at 09:23, Marek Moravcik <marekmoravcik(a)imafex.sk> wrote:
Hello,
I'd like to authenticate Kamailio users in LDAP. But it looks like
Kamailio need to download password from LDAP and authenticate
user on it's own. Is there any possibility to send password to LDAP
and let LDAP to say, if the user can be sign in?
For MD5 Digest challenge-response authentication the cleartext password is needed.
We do not get any cleartext password from the client, so the SIP auth server
needs to calculate a hash based on the nonce (the challenge), the authentication
realm and the secret. This hash is compared with the hash we get from the client.
This is a good reason to run LDAP over TLS.
/O
3516
days inactive
3517
days old
1 comments
2 participants
participants (2)
-
Marek Moravcik -
Olle E. Johansson