[OpenSIPS-Users] Random auth realms
Bogdan-Andrei Iancu
bogdan at opensips.org
Thu Jul 17 15:31:44 UTC 2025
Hi Volkan,

Normally, in the auth reply, you need to use the realm received in the
challenge. So, if you want to be 100% RFC compliant, you should not keep
the HA1, but calculate it each time, with the received realm.

If you still want to use pre-computed HA1 and go around the variable
realms, you may simply load the HA1 via sql_ops and feed it into the
pv_auth function - no need for auth_db.

Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 02.07.2025 13:50, Volkan Oransoy wrote:
> Hi all
>
> I store user authentication data on a subscriber table with
> precalculated hashes for obvious reasons. Lately we are having issues
> with these new AI conversation services. They send requests with
> random realms, especially with IP addresses. From what I understand, if I
> store the plain text password and calculate ha1 at request time, I can
> accept these requests even if the realm is different. But I don't want
> to do that. I tried to tweak auth_db; when I set `use_domain` to 0,
> OpenSIPS does not add the realm to the query but still uses it on the ha1
> challenge, since the RFC requires it, I think.
> Is there a best practice to handle this issue?
>
> Best regards
>
> --
> Volkan Oransoy
>
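
Added example, not part of the original thread and not OpenSIPS code: a minimal RFC 2617 MD5 digest check showing why a stored HA1 only verifies responses computed with the realm it was hashed with. The user, password, realms, nonce and URI are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def compute_ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username ":" realm ":" password); the realm is baked in
    return md5_hex(f"{username}:{realm}:{password}")

def parse_digest(header):
    # Turn 'Digest k="v", k=v' into a dict of unquoted parameters
    params = header.split(" ", 1)[1]
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {k: v.strip('"') for k, v in pairs}

def expected_response(ha1, method, p):
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop") == "auth":
        return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")

def verify(ha1, method, header):
    # Constant-time comparison of the expected and received response
    p = parse_digest(header)
    return hmac.compare_digest(expected_response(ha1, method, p), p["response"])

def client_header(username, realm, password, method, uri, nonce):
    # What a user agent sends back: HA1 built from the realm *it* decided to use
    ha1 = compute_ha1(username, realm, password)
    ha2 = md5_hex(f"{method}:{uri}")
    resp = md5_hex(f"{ha1}:{nonce}:{ha2}")
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')

# Constructed sample data (assumptions for illustration only)
USER, PASSWORD, NONCE = "alice", "s3cret-sample", "5f2a9c0e7b"
URI, STORED_REALM = "sip:sip.example.com", "sip.example.com"
STORED_HA1 = compute_ha1(USER, STORED_REALM, PASSWORD)  # what the subscriber table holds

same_realm = client_header(USER, STORED_REALM, PASSWORD, "REGISTER", URI, NONCE)
other_realm = client_header(USER, "192.0.2.10", PASSWORD, "REGISTER", URI, NONCE)

if __name__ == "__main__":
    print("stored HA1, matching realm:", verify(STORED_HA1, "REGISTER", same_realm))
    print("stored HA1, other realm:   ", verify(STORED_HA1, "REGISTER", other_realm))
    per_request = compute_ha1(USER, parse_digest(other_realm)["realm"], PASSWORD)
    print("HA1 recomputed per request:", verify(per_request, "REGISTER", other_realm))
```

The third check corresponds to calculating HA1 at request time from the received realm, which requires the server to hold the plaintext password.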