<DIV>Steve,</DIV>
<DIV> </DIV>
<DIV>Thanks once again. </DIV>
<DIV> </DIV>
<DIV>I have modified the ser.cfg file as suggested, and restarted ser, but for whatever parmater value yes/no used, I always get the following results when creating a new user account with the serctl add command:</DIV>
<DIV>a) Clear text for password column "password".</DIV>
<DIV>b) Encrypted text for password column "ha1".</DIV>
<DIV>c) Encrypted text for password column "ha1b". <BR></DIV>
<DIV>Regards,</DIV>
<DIV> </DIV>
<DIV>Karl</DIV>
<DIV><BR><B><I>Steve Blair <blairs@isc.upenn.edu></I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><BR>Karl:<BR><BR>My notes say "modparam("auth", "calculate_ha1", yes)" will allow <BR>clear text<BR>passwords in the MySQL database. I vaguely remember setting this to<BR>no during a trial. I think, if my memory serves me correctly, that the value<BR>in the password column was encrypted at that point.<BR><BR>I would recommend you try this for yourself and report back to the <BR>list. It<BR>has been a while since I last tried it and I am currently running with <BR>clear<BR>text passwords.<BR><BR>Thanks,Steve<BR><BR>karl wrote:<BR><BR>> Hello Steve,<BR>> <BR>> Thanks for your feedback.<BR>> <BR>> Actually, as suggested by Antonio from another mail, I have already <BR>> tried adding the following modparam statements in the ser.cfg file:<BR>> <BR>> modparam("auth_db", "calculate_ha1", 0)<BR>> modparam("auth_db", "password_column", "ha1")<BR>> <BR>> ....
and their effect is such that user authentication makes use of <BR>> the hashed password in the "ha1" password column created during user <BR>> creation using "serctl add" command.<BR>><BR>> On the other hand, what I am really after is that on user creation <BR>> using serctl add command, the password column "password" is not left <BR>> in plain text. Is this possible? or is it still required for SerWeb <BR>> authentication?<BR>> <BR>> <BR>> Thanks<BR>> <BR>> Karl<BR>><BR>><BR>> */Steve Blair <BLAIRS@ISC.UPENN.EDU>/* wrote:<BR>><BR>><BR>> I seem to remember that one of the parameters in the modparam<BR>> statement for the<BR>> auth module will determine if passwords are stored in clear text or<BR>> encrypted. I am<BR>> away from my office, and system, right now and cannot confirm this.<BR>> Check the auth<BR>> module documentation perhaps the answer is there.<BR>><BR>> Dave Bath wrote:<BR>><BR>> >
Karl,<BR>> ><BR>> ><BR>> ><BR>> > You could try using radius authentication. Just google the archives<BR>> > for some docs on how to use it.<BR>> ><BR>> ><BR>> ><BR>> > Dave<BR>> ><BR>> ><BR>> ><BR>> ><BR>> ------------------------------------------------------------------------<BR>> ><BR>> > *From:* serusers-bounces@iptel.org<BR>> [mailto:serusers-bounces@lists.iptel.org]<BR>> > *On Behalf Of *karl<BR>> > *Sent:* 12 October 2004 08:13<BR>> > *To:* serusers@lists.iptel.org<BR>> > *Subject:* [Serusers] Avoiding storing passwords in mysql<BR>> "subscriber"<BR>> > tablein clear-text<BR>> ><BR>> ><BR>> ><BR>> > Hi guys,<BR>> ><BR>> ><BR>> ><BR>> > I would appreciate if someone may help me on the subject. While<BR>> still<BR>> > requiring users to be authenticated against user credentials<BR>> > (username,
password, realm), on the other hand I want to avoid<BR>> storing<BR>> > passwords in clear text in mysql "subscriber" table. Any ideas?<BR>> ><BR>> ><BR>> ><BR>> > Thank you in advanced.<BR>> ><BR>> ><BR>> ><BR>> > Best regards,<BR>> ><BR>> ><BR>> ><BR>> > Karl<BR>> ><BR>> ><BR>> ------------------------------------------------------------------------<BR>> ><BR>> > Do you Yahoo!?<BR>> > vote.yahoo.com - Register online to vote today!<BR>> ><BR>> >------------------------------------------------------------------------<BR>> ><BR>> >_______________________________________________<BR>> >Serusers mailing list<BR>> >serusers@lists.iptel.org<BR>> >http://lists.iptel.org/mailman/listinfo/serusers<BR>> ><BR>> ><BR>><BR>> _______________________________________________<BR>> Serusers mailing list<BR>>
serusers@lists.iptel.org<BR>> http://lists.iptel.org/mailman/listinfo/serusers<BR>><BR>> __________________________________________________<BR>> Do You Yahoo!?<BR>> Tired of spam? Yahoo! Mail has the best spam protection around<BR>> http://mail.yahoo.com<BR>><BR><BR>-- <BR><BR>ISC Network Engineering<BR>The University of Pennsylvania<BR>3401 Walnut Street, Suite 221A<BR>Philadelphia, PA 19104 <BR><BR><BR>voice: 215-573-8396 <BR><BR>215-746-7903<BR><BR>fax: 215-898-9348 <BR><BR>sip:blairs@upenn.edu<BR><BR></BLOCKQUOTE><p>
                <hr size=1>Do you Yahoo!?<br><a
href="http://vote.yahoo.com">vote.yahoo.com</a> - Register online to vote today!