Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
--------------------------------- Do you Yahoo!? vote.yahoo.com - Register online to vote today!
Make sure that you have proper values in ha1 column (generated automatically by serctl, if not then you can use gen_ha1 utility to generate the hashes from plaintext password) and set:
modparam("auth_db", "calculate_ha1", no) modparam("auth_db", "password_column", ha1)
Jan.
On 12-10 00:12, karl wrote:
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
Do you Yahoo!? vote.yahoo.com - Register online to vote today! _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Thanks Jan for your feedback.
I may confirm that serctl is generating the follow values: i) Plain text in the "password" column. ii) Enrcrypted text in the "ha1" column. iii) Encrypted text in the "ha1b" column.
However, I refer back to my original objective, namely that while I still require users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table, when creating new user accounts using the serctl add command.
Thanks
Karl Jan Janak jan@iptel.org wrote: Make sure that you have proper values in ha1 column (generated automatically by serctl, if not then you can use gen_ha1 utility to generate the hashes from plaintext password) and set:
modparam("auth_db", "calculate_ha1", no) modparam("auth_db", "password_column", ha1)
Jan.
On 12-10 00:12, karl wrote:
Hi guys,
I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas?
Thank you in advanced.
Best regards,
Karl
Do you Yahoo!? vote.yahoo.com - Register online to vote today! _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
--------------------------------- Do you Yahoo!? vote.yahoo.com - Register online to vote today!
Have you found a solution for that?
Regards Bastian
karl schrieb:
Thanks Jan for your feedback.
I may confirm that serctl is generating the follow values: i) Plain text in the "password" column. ii) Enrcrypted text in the "ha1" column. iii) Encrypted text in the "ha1b" column.
However, I refer back to my original objective, namely that while I still require users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table, when creating new user accounts using the serctl add command.
Thanks
Karl */Jan Janak jan@iptel.org/* wrote:
Make sure that you have proper values in ha1 column (generated automatically by serctl, if not then you can use gen_ha1 utility to generate the hashes from plaintext password) and set: modparam("auth_db", "calculate_ha1", no) modparam("auth_db", "password_column", ha1) Jan. On 12-10 00:12, karl wrote: > Hi guys, > > I would appreciate if someone may help me on the subject. While still requiring users to be authenticated against user credentials (username, password, realm), on the other hand I want to avoid storing passwords in clear text in mysql "subscriber" table. Any ideas? > > Thank you in advanced. > > Best regards, > > Karl > > > > > --------------------------------- > Do you Yahoo!? > vote.yahoo.com - Register online to vote today! > ; _______________________________________________ > Serusers mailing list > serusers@lists.iptel.org > http://lists.iptel.org/mailman/listinfo/serusers
Do you Yahoo!? vote.yahoo.com http://vote.yahoo.com - Register online to vote today!
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Bastian Schern -
Jan Janak -
karl