[OpenSIPS-Users] AUTH module HA hash question
Liviu Chircu
liviu at opensips.org
Mon Apr 10 12:21:10 UTC 2023
On 10.04.2023 14:07, Yury Kirsanov wrote:
> I'm actually NOT using any type of DB, hence the problem, how do I
> specify multiple hashes with $var(password) for different auth types,
> as per the documentation?
I think there is a bit of confusion on the "timings" when the
multi-algorithm "xxx_challenge()" function is used vs. the
single-algorithm reply verification for the client step. As such:
* during the challenge step, you simply invoke xxx_challenge(MD5,
SHA256), to advertise multiple challenge headers to the client
* during the verification step, you are supposed to read the
*$auth.alg*, thus "learning" what the auth algorithm the client selected
(*modern*** phone vs. *classic* phone, i.e. SHA256 or MD5), then
populate *$var(password)***with the corresponding hash selected
from your cache or database
Hope this helps,
--
Liviu Chircu
www.twitter.com/liviuchircu |www.opensips-solutions.com
OpenSIPS Summit 2023 Houston, May 23-26 |www.opensips.org/events
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230410/f80c01e0/attachment.html>
More information about the Users
mailing list