[OpenSIPS-Users] How to make OpenSIPS despise (ignore) the domain of UAC during the registration?

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Nov 18 11:12:58 CET 2015


Hi Rodrigo,

What you consider as "domain" is in fact the authentication realm - it 
has nothing to do with the SIP domain used in the SIP signaling.

What you need to do? is to be sure the same realm was used when 
generating the HA1 and when challenging UACs for auth (see the realm 
param of the www/proxy_challenge() and www/proxy_authorize()

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 17.11.2015 22:14, Rodrigo Pimenta Carvalho wrote:
>
>
> Dear OpenSIPS_Users,
>
>
> In my OpenSIPS, I have created the following configurations:
>
>
> In opensipsctlrc file
>
> ================
>
> SIP_DOMAIN=localhost
>
> STORE_PLAINTEXT_PW=0
>
>
>
>
> In OpenSIPS config file
>
> ===================
>
> #### AUTHentication modules
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> modparam("auth_db", "calculate_ha1", 0)
>
> modparam("auth_db", "password_column", "ha1")
>
>
>
> I intend to avoid password as plain text be recorded in the database.
>
> I also intend to let OpenSIPS run and works, in different domains. 
> That is, my configuration should works for different IP addresses. 
> That is why I use 'SIP_DOMAIN=localhost'. So, every time a new user is 
> added to the Registrar, a wrong IP address will not appear in the 
> database.
>
>
> However, this configuration does not allow an UAC register and be 
> online.  The UAC gets unauthorized (401) as response. I guess this is 
> due to the fact that ha1 is calculated using 'localhost' and the UAC 
> tries to register using an IP address. So, I suspect that OpenSIPs is 
> comparing the domain gotten form ha1 and gotten from the SIP Register 
> message. How to solve this problem?
>
>
> How to make OpenSIPS ignore the domain specified by the UAC, for SIP 
> REGISTER?
>
> What I need is to make OpenSIPS consider just login and password to 
> accept a register. Is it possible?
>
>
> Any hint will be very helpful!
>
>
> Thanks a lot.
>
>
>
> RODRIGO PIMENTA CARVALHO
> Inatel Competence Center
> Software
> Ph: +55 35 3471 9200 RAMAL 979
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20151118/11452367/attachment-0001.htm>


More information about the Users mailing list