[OpenSIPS-Users] SIP password auth mechanism
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Mar 7 15:34:49 EST 2017
Hi Abdul,
Besides the digest auth, there is no other standard auth mechanism for
SIP, AFAIK.
If you have control over the SIP UAC, of course, you could try to build
your own auth mechanism - OpenSIPS offers enough flexibility in terms of
both header manipulation and data computing.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Summit May 2017 Amsterdam
http://www.opensips.org/events/Summit-2017Amsterdam.html
On 03/07/2017 10:26 AM, Abdul Basit wrote:
> Hi,
>
> I have a scenario where I will create password HASH = SALT + STRING
> and save SALT and resulted HASH only in DB.
>
> I will transport random STRING value to my custom sip application as
> password.
>
> Digest authentication is not comply with this requirement.
>
> Is that any supported authentication mechanism that can fulfill this
> requirement.
> or is there any more appropriate authentication mechanism by
> opensips/kamailio?
>
> One of the objectives is in case DB will compromise, users passwords
> will not available because random STRING will not store in DB.
>
> Looking forward for suggestions and comments.
>
> --
> regards,
>
> abdul basit
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170307/660508fe/attachment.html>
More information about the Users
mailing list