[OpenSIPS-Users] Random auth realms
Volkan Oransoy
voransoy at gmail.com
Wed Jul 2 10:50:14 UTC 2025
Hi all
I store user authentication data on a subscriber table with precalculated
hashes for obvious reasons. Lately we are having issues with these new AI
conversations services. They send requests with random realms, especially
with IP addresses. What I understand, if I store the plain text
password and calculate ha1 at request time, I can accept these requests
even if the realm is different. But I don't want to do that. I tried to
tweak auth_db, when I set `use_domain` to 0, Opensips does not add the
realm to the query but still use is on ha1 challenge since the RFC requires
I think.
Is there a best practice to handle this issue?
Best regards
--
Volkan Oransoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20250702/b6633567/attachment.html>
More information about the Users
mailing list