[OpenSIPS-Devel] [ opensips-Feature Requests-3413312 ] uac_auth using hashed credentials

SourceForge.net noreply at sourceforge.net
Wed Mar 21 12:06:53 CET 2012 

Feature Requests item #3413312, was opened at 2011-09-23 06:13
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086413&aid=3413312&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
>Status: Closed
Priority: 7
Private: No
Submitted By: Odin Gremaud (gremodin)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: uac_auth using hashed credentials

Initial Comment:
The uac_auth module allows OpenSIPS to authenticate with a remote SIP or PSTN gateway (some requires such behavior) using the usual username:domain:password information. However, this information is stored in plain text in the configuration file. It would be a great security improvement to be able to store this information as an already hashed value that could then be used without calculating the hash on the fly when contacting the gateway.

This could be done for instance:
- by adding a new module parameter (ha_credential ?) to the module
- by allowing inserting hashed values in the current parameter (the function uac_auth() would sort them out afterward)
- with a method similar for instance to the subscriber's (having a database table with both plain text password and hashed credentials fields). I quickly thought out a table description (freely inspired from the subscriber table):
Table name: gw_auth
Fields:
- id
- gw_uri
- username
- domain
- password
- ha1
- ha1b

This would require also some modifications on the uac_auth() function as it would have to detect/define if the credentials are hashed or not.

----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-03-21 04:06

Message:
Hi Odin,

This feature was added in 1.8.0 (current trunk) - in the password field you
can put a plain text passwd or a HA1 hexa string; the module will detect
the two formats and accordingly calculate the response (see the docs for
more).

Regards,
Bogdan

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086413&aid=3413312&group_id=232389

More information about the Devel mailing list