[Spce-user] Hide customer password in Kamailio DB
Mathys Frédéric
frederic.mathys at nagra.com
Thu Apr 30 07:45:32 EDT 2015
Hello,
When creating a new user, by default the password is saved in plaintext in the DB, column "password". For obvious security reasons, I'd like to remove the password in this column and use only ha1 and ha1b values. To do that, I modified the "auth_db" module configuration :
/etc/kamailio/proxy/kamailio.cfg
modparam("auth_db", "use_domain", 1)
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "password_column", "ha1")
modparam("auth_db", "password_column_2", "ha1_2")
Then, I removed the password for all users in the DB, and everyone seems able to connect with this configuration. My problem is now when I create a new user, the password is automatically saved in plaintext and I don't want that. So I tried to modify "kamctlrc" by adding the following line :
/etc/kamailio/proxy/kamctlrc and /etc/kamailio/lb/kamctlrc
STORE_PLAINTEXT_PW=0
This has no effect, what should I do to disable that?
Thank you
Frederic Mathys
System Integration & Validation Engineer
P Please consider the environment - do you really need to print this email ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20150430/bac9ebbd/attachment.html>
More information about the Spce-user
mailing list