> From: Alan DeKok > Sent: Sunday, 7 September 2003 12:35 AM > "Paul Hampson" <[EMAIL PROTECTED]> wrote: > > I realise this is slightly off topic, but I noticed in > > the doc/rlm_digest docs that digest authentication's draft > > standard has lapsed. > Yes, but Cisco still has it implemented in their boxes.
> > I'm just wondering what authentication methods people are > > using for SIP? Radius-based or not... I'm trying to avoid > > clear-text passwords if I can help it, but I don't want to > > double-up on what I'm storing, so HA1 seems like a bad idea. > EAP-SIM is a good bet. Wait a few weeks, and it should be added to > the server. I'm not working on it, but I've heard rumours... Fascinating, but I can't see off hand how to make that work with people's computers and MSN Messenger... Unless I make all our customers have SIM cards. And that leads to the problems described here: http://www.intel.com/update/contents/wi08031.htm Alternatively, I could modify FreeRADAIUS to let me auth with H1 strings ("MD5(usrename:realm:password)" I think) rather than just plain MD5... I wonder if "encryption_scheme = HA1" make sense... Of course, this would be easier to decide if my boss had an actual use for SIP... I will prolly end up authenticating off a different group of people than our dial-in customers, and doing it directly with calls to the mySQL backend, and just use FreeRADIUS for accounting. Or I start to muck about with Auth-Type and hints and whatnot. Which is tempting if I move to LDAP for authentication... Man, more reading to do. :-( -- ========================================================= Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department --------------------------------------------------------- Random signature generator 3.0 by Paul "TBBle" Hampson ========================================================= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
