[OpenSIPS-Users] Random auth realms

Volkan Oransoy voransoy at gmail.com
Wed Jul 2 10:50:14 UTC 2025


Hi all

I store user authentication data on a subscriber table with precalculated
hashes for obvious reasons.  Lately we are having issues with these new AI
conversations services. They send requests with random realms, especially
with IP addresses. What I understand, if I store the plain text
password and calculate ha1 at request time, I can accept these requests
even if the realm is different. But I don't want to do that. I tried to
tweak auth_db, when I set `use_domain` to 0, Opensips does not add the
realm to the query but still use is on ha1 challenge since the RFC requires
I think.
Is there a best practice to handle this issue?

Best regards

-- 
Volkan Oransoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20250702/b6633567/attachment.html>


More information about the Users mailing list