Currently Activa is using the plain text authentication mechanism:
Message: Authentication accepted
There is an alternative challenge response method that is more secure, as the password is not sent in plain text:
I need to use the challenge response method in my applications. My questions are:
1) If I change the login method in activa to challenge response will you developers accept it into the trunk?
2) Do you want to maintain the plaintext login and have it be configurable as far as which login mechanism gets used?
Ken Leland III
1) Yes! we will accept the change.
2) From what Asterisk version is supported authentication md5 secret?
2.1) If it is supported in Asterisk 1.4 and 1.6 and 1.8, I propose make the md5 the default authentication method, but with a registry key to change to plain-text authentication.
2.2) If it isn't supported in Asterisk 1.4 or 1.6 or 1.8, I propose to preserve the plain-text authentication method as default, and include a check-box in the configuration dialog to enable the md5 authentication.
The Activa Team
We tested and 1.4.17 supports the challenge authentication. Is there anyway we can submit the changed files here? This forum doesn't seem to support file attachment.
To make it work with md5 authentication, we modified following three files and added a md5.h header file.
you can attach the modified files opening a new "Artifact" at "Traker">"Feature Request"
I uploaded the modified files here:
Search for "MTT MOD" and you should find all the modifications to the files.