[OpenSIPS-Users] SIP password auth mechanism

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Mar 10 10:29:05 EST 2017


Hi Abdul,

I see that's a draft, so hard to judge on how far it will get. And 
something like this is not on our roadmap, maybe because of its very, 
very low priority in terms of needs. Do you have any idea if anyone 
actually implemented this ?

Regards,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
   http://www.opensips.org/events/Summit-2017Amsterdam.html

On 03/09/2017 12:37 PM, Abdul Basit wrote:
> Hi Geeks,
>
> While exploring further I found a draft explaining elliptic curve 
> secure remote protocol (*EC-SRP*) for SIP authentication
> https://tools.ietf.org/html/draft-liu-sipcore-ec-srp5-03
>
> This explanation seems align with my requirements of not storing 
> password in database.
> UAC and UAS both should support EC-SRP.
>
> Do we have any road-map of opensips implementing of EC-RSP or similar 
> authentication mechanism?
> I will check the same with PJSIP because i couldn't find any traces on 
> their forum as well.
>
> --
> regards,
>
> abdul basit
>
>
> On Wed, Mar 8, 2017 at 9:53 PM, Abdul Basit <basit.engg at gmail.com 
> <mailto:basit.engg at gmail.com>> wrote:
>
>     Hi Bogdan,
>
>     I am using PJSIP as UAC and Opensips as UAS with radius for AAA.
>     I wanted to avoid getting into the code but let me check the
>     flexibility.
>
>     Thank you for your reply :)
>
>     --
>     regards,
>
>     abdul basit
>
>     On Wed, Mar 8, 2017 at 1:34 AM, Bogdan-Andrei Iancu
>     <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>         Hi Abdul,
>
>         Besides the digest auth, there is no other standard auth
>         mechanism for SIP, AFAIK.
>
>         If you have control over the SIP UAC, of course, you could try
>         to build your own auth mechanism - OpenSIPS offers enough
>         flexibility in terms of both header manipulation and data
>         computing.
>
>         Regards,
>
>         Bogdan-Andrei Iancu
>            OpenSIPS Founder and Developer
>            http://www.opensips-solutions.com
>         <http://www.opensips-solutions.com>
>
>         OpenSIPS Summit May 2017 Amsterdam
>            http://www.opensips.org/events/Summit-2017Amsterdam.html
>         <http://www.opensips.org/events/Summit-2017Amsterdam.html>
>
>         On 03/07/2017 10:26 AM, Abdul Basit wrote:
>>         Hi,
>>         I have a scenario where I will create password HASH = SALT +
>>         STRING and save SALT and resulted HASH only in DB. I will
>>         transport random STRING value to my custom sip application as
>>         password.
>>         Digest authentication is not comply with this requirement. Is
>>         that any supported authentication mechanism that can fulfill
>>         this requirement.
>>         or is there any more appropriate authentication mechanism by
>>         opensips/kamailio?
>>         One of the objectives is in case DB will compromise, users
>>         passwords will not available because random STRING will not
>>         store in DB.
>>         Looking forward for suggestions and comments.
>>         -- regards,
>>         abdul basit
>>
>>         _______________________________________________
>>         Users mailing list
>>         Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>         <http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170310/4e9754d5/attachment.html>


More information about the Users mailing list