[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sip] LDAP servers and SIP Authentication

To: sip@ietf.org
Subject: [Sip] LDAP servers and SIP Authentication
From: "Avshalom Houri" <AVSHALOM@il.ibm.com>
Date: Fri, 8 Nov 2002 16:22:20 +0200
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=unsubscribe>
Sender: sip-admin@ietf.org

Since basic authentication has been deprecated from SIP and LDAP servers do not
support a uniform way for querying passwords. It seems that there is a problem with
using SIP with LDAP server as a directory.

For example, some LDAP servers return the user's password hashed (using MD5 or SHA
or something else) but we cannot compare this with the hashed password from the client,
even if the same hashing algorithm was used, because LDAP returns only the password
hashed, while the client-supplied hash includes more info in the digest. The only way we
can do this is by getting the password cleartext from LDAP, and do our own digest, but most
LDAP servers do not allow that, not even for the directory admin.

Any ideas?

Thanks
Avshalom

Prev by Date: Re: [Sip] B2BUA question.
Next by Date: [Sip] Buggy example in draft-ietf-sipping-reg-event-00
Previous by thread: [no subject]
Next by thread: [Sip] Buggy example in draft-ietf-sipping-reg-event-00
Index(es):
- Date
- Thread