Hi Daniel This certainly makes sense, I will try it in a few mins, but what I observed at Debug Level 3 is that Hash is calculated before www_authenticate is executed and it shows HA comparison failed, if I do use domain.com instead of $fd and use $domain.com in db domain field and build HA1 filed based on that, wont Kamailio still try to build the HA1 hash which it will compare form user:domain:pwd where domain is fed in to the hash function from the header of the SIP packet ? Regards
On Tue, Jan 3, 2012 at 5:07 PM, Daniel-Constantin Mierla <mico...@gmail.com> wrote: > Hello, > > you can simply use 'domain.com' as realm parameter to authentication > function instead of $fd. Also build ha1 and ha1b with domain.com and then > you are safe no matter which sip server is used. > > Of course you can build the realm by striping first token before '.' in $fd > and pass it to authentication functions, but not sure if makes sense since > it should be always domain.com > > Cheers, > Daniel > > > On 1/3/12 3:15 PM, Ali Jawad wrote: >> >> Hi >> After some research it seems to me that the only way to achieve this >> is to "try" and change how hashing is done in the source code, a >> little bit too ambitious for me, and it means I will have loads of >> problems each time an upgrade is released. >> >> Or >> >> Use pseudovariables to fix the value of the $fd value to something >> constant, while this worked for values like $var(y) I was not able to >> assign/strip $fd to remove the subdomain part. >> >> Any input please ? >> >> Regards >> >> On Tue, Jan 3, 2012 at 2:06 PM, Ali Jawad<ali.ja...@splendor.net> wrote: >>> >>> Hi >>> I do have 3 Kamailio servers, one for mobile phone registrations, one >>> for softphone registrations and one for SIP device registrations. Each >>> of those devices connects to it's perspective kamailio server >>> >>> sip1.domain.com >>> sip2.domain.com >>> sip3.domain.com >>> >>> All 3 Kamailio servers share the same database, and users can use >>> their kamailio user/pwd on any of the devices, now I want to use >>> encrypted passwords and remove clear text passwords from the database. >>> I did test with one server and all is fine,however if a user want to >>> register from the second kamailio server it does not work, basically >>> because the db domain entry from which the hash is created is >>> sip1.domain.com and stored in the db, while the user connects from to >>> sip2.domain.com this eventually generates a different hash. >>> >>> Is there anyway to overcome this ? Can I exclude Domain from Hash >>> generation ? Any other option that allows me to do the above ? >>> >>> Thanks >> >> >> > > -- > Daniel-Constantin Mierla -- http://www.asipto.com > http://linkedin.com/in/miconda -- http://twitter.com/miconda > -- Ali Jawad Information Systems Manager Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554 _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
