[OpenSIPS-Devel] [ opensips-Feature Requests-3413312 ] uac_auth using hashed credentials

[SourceForge.net]

Feature Requests item #3413312, was opened at 2011-09-23 06:13
Message generated for change (Settings changed) made by vladut-paiu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086413&aid=3413312&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
>Priority: 7
Private: No
Submitted By: Odin Gremaud (gremodin)
>Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: uac_auth using hashed credentials

Initial Comment:
The uac_auth module allows OpenSIPS to authenticate with a remote SIP or PSTN gateway (some requires such behavior) using the usual username:domain:password information. However, this information is stored in plain text in the configuration file. It would be a great security improvement to be able to store this information as an already hashed value that could then be used without calculating the hash on the fly when contacting the gateway.

This could be done for instance:
- by adding a new module parameter (ha_credential ?) to the module
- by allowing inserting hashed values in the current parameter (the function uac_auth() would sort them out afterward)
- with a method similar for instance to the subscriber's (having a database table with both plain text password and hashed credentials fields). I quickly thought out a table description (freely inspired from the subscriber table):
Table name: gw_auth
Fields:
- id
- gw_uri
- username
- domain
- password
- ha1
- ha1b

This would require also some modifications on the uac_auth() function as it would have to detect/define if the credentials are hashed or not.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086413&aid=3413312&group_id=232389