Hi List,
we are trying to do authentication with SER -> RADIUS -> KERBEROS following draft-kaushik-radius-sec-ext (Radius Secutity Extensions Using Kerberos) has anyone succeeded in doing this (or something similar)?
thanks, Stefano
Hello,
haven't studied this auth mechanism, but be aware that a SIP client sends auth credential as a www-digest response. You don't have access to plain text password from client side, but you need access to plain text or ha1 string on the server to be able to detect if auth is ok.
Cheers, Daniel
On 02/28/07 13:07, Stefano Capitanio wrote:
Hi List,
we are trying to do authentication with SER -> RADIUS -> KERBEROS following draft-kaushik-radius-sec-ext (Radius Secutity Extensions Using Kerberos) has anyone succeeded in doing this (or something similar)?
thanks, Stefano
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi,
yes I know, that is problem radius can perform www-digest reponse, but it needs to have the plain-text password from Kerberos and I don't know if it is possible...
Stefano
Daniel-Constantin Mierla ha scritto:
Hello,
haven't studied this auth mechanism, but be aware that a SIP client sends auth credential as a www-digest response. You don't have access to plain text password from client side, but you need access to plain text or ha1 string on the server to be able to detect if auth is ok.
Cheers, Daniel
On 02/28/07 13:07, Stefano Capitanio wrote:
Hi List,
we are trying to do authentication with SER -> RADIUS -> KERBEROS following draft-kaushik-radius-sec-ext (Radius Secutity Extensions Using Kerberos) has anyone succeeded in doing this (or something similar)?
thanks, Stefano
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Daniel-Constantin Mierla -
Stefano Capitanio