[Users] Authentication and Password encryption using dbtext

Norman Brandinger norm at goes.com
Thu Mar 16 18:45:11 CET 2006


Thank you for the instructions and links. I loaded OpenSER on a test 
WRT54GL without a problem.

Using the web interface, a new account was added and the dbtext entry 
appeared to be created properly.

Then pointed an IP phone (SPA-841) to the WRT54GL and it appeared to 
register as indicated by the
green line light on the phone.  The web interface did show detailed 
information about the SPA-841.

I was not successful in completing an outbound call so started looking 
at the default milkfish_openser.cfg
file.  Tried adding xlog statements only to find that a very small 
subset of the OpenSER modules were
installed.  This may have been done to save space because after the 
installation of "milkfish", "rtpproxy" and
"openser", the WRT54GL space utilization jumped to about 95%.

While the system isn't fully functional, it appears that there isn't an 
issue with the password generation.  Note
that I didn't touch the distributed milkfish_openser.cfg file during 
this test.

Regards,
Norm
>
> Istvan Hubay Cebrian wrote:
>> Hi Norman,
>> Milkfish.org provides various packages, you can download binaries that
>> already include OpenWRT and the latest release of Milkfish/OpenSER (
>> http://developer.berlios.de/project/showfiles.php?group_id=3690 ) and 
>> simply
>> flash this file to your router. Instructions on how to do this are 
>> available
>> at the milkfish wiki: 
>> http://wiki.milkfish.org/index.php?n=Boozy.StepByStep
>> this is probably the best option.
>>
>> Alternatively you can firstly install OpenWRT (RC4 required) and then 
>> use
>> ipkg (similar to apt-get) to retrieve and install milkfish packages 
>> which
>> include OpenSER and Milkfish configuration files.
>>
>> To do this you will first need a router running OpenWRT RC4 and already
>> configured, then you will need to edit /etc/ipkg.conf and add the 
>> line 'src
>> milkfish http://packages.milkfish.org/boozy/'.
>> Keep in mind that most files (particularly in /etc) are sym links to the
>> read-only fs located in /rom. Therefore you will need to remove the 
>> sym link
>> /etc/ipgk.conf that points to /rom/etc/ipkg.conf, and copy the 
>> original from
>> /rom/etc/ipkg.conf to /etc/ and only then can you edit.
>>
>> Once you're done run 'ipkg install milkfish' this will install 
>> OpenSER and
>> Milkfish configuration files and depending on your needs you can run 
>> 'ipkg
>> install rtpproxy'.
>>
>> I had a few problems initially namely every installed script had as 
>> owner
>> '1000' I had to change this to 'root' so that the web interface ran
>> correctly. This should probably be enough however you should take a 
>> look at
>> the milkfish wiki for more detailed instructions.
>> Hope this helps.
>>
>> Regards,
>> Istvan
>>
>> -----Original Message-----
>> From: Norman Brandinger [mailto:norm at goes.com] Sent: quarta-feira, 15 
>> de Março de 2006 16:38
>> To: Istvan Hubay Cebrian
>> Cc: users at openser.org
>> Subject: Re: [Users] Authentication and Password encryption using dbtext
>>
>> Hi Istvan,
>>
>> Just last night I loaded dd-wrt (v23) on a WRT54G.  It loaded SER, 
>> not OpenSER which was pretty slick but I would rather have OpenSER on 
>> it :)
>>
>> Can you send me the package you created, or instructions on creating 
>> a package myself ?  Once OpenSER is loaded on the WRT54G, I'll try to 
>> give you a hand in resolving this problem.
>>
>> I've been to the milkfish site in the past but didn't have the time 
>> to dig into it.  I think that a linux (not FreeBSD) development 
>> environment is required.  If this is the case, it will take me a 
>> little while to get up to speed as linux isn't for anything over here 
>> (which means that we would have to re-task an existing machine or 
>> build up a new one).
>>
>> Regards,
>> Norm
>> norm at goes dot com
>>
>>
>> Istvan Hubay Cebrian wrote:
>>  
>>> Hi,
>>>
>>> I am currently deploying OpenSER v1.0 on a Linksys WRT54GS router (
>>> www.milkfish.org ).
>>> I have read through all available documentation concerning 
>>> authentication
>>> and dbtext and I have configured OpenSER such that an MD5 hash 
>>> string is
>>> stored in the subscribers file.
>>> However (and this may-be specific to milkfish) the password was also
>>>     
>> always
>>  
>>> being stored as text. After editing and removing the parameter that 
>>> stored
>>> the password as text in 'dbtextctl' authentication no longer works. 
>>> This
>>> IMHO is because the UA is sending the password as text which is then 
>>> being
>>> compared to the MD5 hash string, this test obviously fails.
>>>
>>> One solution would be to receive the password as text, then 
>>> construct the
>>> MD5 hash string then compare, however I don't know how to do this.
>>>
>>> I have looked through openser.cfg but I can't seem to make heads or 
>>> tails
>>>     
>> of
>>  
>>> (particularly the www_authorize and challenge part):
>>>
>>> if (method=="REGISTER")         {                             
>>>                 if (uri==myself)
>>>                 {
>>>                         #wants to register only at router, no 
>>> external SIP
>>> provider                          #log(1, "internal REGISTER\n");
>>>                         #make entry at local registrar
>>>                 if (!www_authorize("", "subscriber")) {
>>>                         www_challenge("", "0");
>>>                     exit;
>>>                 };                                   save("location");
>>>                 }
>>>                 else                    {       
>>>                         #wants to register at external SIP provider 
>>>                         #log(1, "external REGISTER\n");
>>>                         #check if user is already registered at 
>>> internal
>>> registrar                         if (!lookup("location"))
>>>                         {
>>>                                 #if not do a drive-by registration
>>>                                 #for registration at internal registrar
>>>                                 #without a reply 
>>>                                 save_noreply("location");       
>>>                         };
>>>                         #Fixing of private address in contact hf
>>>                         fix_nated_contact("217.189.167.187"); 
>>>                         route(1);
>>>                 };
>>>                 return;
>>>                                      };  
>>> If anyone could explain what is happening above, or how I could 
>>> accomplish
>>> what I need (in which username, password and realm are received and 
>>> an MD5
>>> hash string is constructed) I would be much appreciated.
>>>
>>> Regards,
>>> Istvan
>>>
>>>
>>>       
>>
>>   
>
>





More information about the Users mailing list