Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Challenge Response Authentication

KenLee
2011-03-29
2013-05-30
  • KenLee
    KenLee
    2011-03-29

    Currently Activa is using the plain text authentication mechanism:

    action: login
    username: some_guy
    secret: some_password

    Response: Success
    Message: Authentication accepted

    There is an alternative challenge response method that is more secure, as the password is not sent in plain text:

    action: challenge
    authtype: md5

    Response: Success
    Challenge: 997876932

    action: login
    authtype: md5
    username: some_guy
    key: md5sum(challenge+some_password)

    Response: Success
    Message: Authentication accepted

    I need to use the challenge response method in my applications.  My questions are:

    1) If I change the login method in activa to challenge response will you developers accept it into the trunk?
    2) Do you want to maintain the plaintext login and have it be configurable as far as which login mechanism gets used?

    Thank you,

    Ken Leland III

     
  • activatsp
    activatsp
    2011-04-04

    Hi Ken!

    1) Yes! we will accept the change.

    2) From what Asterisk version is supported authentication md5 secret?
    2.1) If it is supported in Asterisk 1.4 and 1.6 and 1.8, I propose make the md5 the default authentication method, but with a registry key to change to plain-text authentication.
    2.2) If it isn't supported in Asterisk 1.4 or 1.6 or 1.8, I propose to preserve the plain-text authentication method as default, and include a check-box in the configuration dialog to enable the md5 authentication.

    The Activa Team

     
  • RJ2011
    RJ2011
    2011-04-05

    We tested and 1.4.17 supports the challenge authentication. Is there anyway we can submit the changed files here? This forum doesn't seem to support file attachment.

    To make it work with md5 authentication, we modified following three files and added a md5.h header file.

    astprovider/ASTProvider/src/astprovider.cpp
    astprovider/ASTProvider/src/astcstaprovider.cpp
    astprovider/ASTProvider/src/astinterface.h
    astprovider/ASTProvider/src/md5.h

     
  • activatsp
    activatsp
    2011-04-06

    Hi,

    you can attach the modified files opening a new "Artifact" at "Traker">"Feature Request"

    Thanks!