[OpenSIPS-Users] SIP password auth mechanism

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Mar 7 15:34:49 EST 2017


Hi Abdul,

Besides the digest auth, there is no other standard auth mechanism for 
SIP, AFAIK.

If you have control over the SIP UAC, of course, you could try to build 
your own auth mechanism - OpenSIPS offers enough flexibility in terms of 
both header manipulation and data computing.

Regards,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
   http://www.opensips.org/events/Summit-2017Amsterdam.html

On 03/07/2017 10:26 AM, Abdul Basit wrote:
> Hi,
>
> I have a scenario where I will create password HASH = SALT + STRING 
> and save SALT and resulted HASH only in DB.
>
> I will transport random STRING value to my custom sip application as 
> password.
>
> Digest authentication is not comply with this requirement.
>
> Is that any supported authentication mechanism that can fulfill this 
> requirement.
> or is there any more appropriate authentication mechanism by 
> opensips/kamailio?
>
> One of the objectives is in case DB will compromise, users passwords 
> will not available because random STRING will not store in DB.
>
> Looking forward for suggestions and comments.
>
> --
> regards,
>
> abdul basit
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170307/660508fe/attachment.html>


More information about the Users mailing list