<DIV>
<DIV>Hello Steve,</DIV>
<DIV> </DIV>
<DIV>Thanks for your feedback.</DIV>
<DIV> </DIV>
<DIV>Actually, as suggested by Antonio from another mail, I have already tried adding the following modparam statements in the ser.cfg file:</DIV>
<DIV> </DIV>
<DIV>modparam("auth_db", "calculate_ha1", 0)<BR>modparam("auth_db", "password_column", "ha1")<BR></DIV>
<DIV> </DIV>
<DIV>.... and their effect is such that user authentication makes use of the hashed password in the "ha1" password column created during user creation using "serctl add" command.</DIV>
<DIV><BR>On the other hand, what I am really after is that on user creation using serctl add command, the password column "password" is not left in plain text. Is this possible? or is it still required for SerWeb authentication?</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV> </DIV>
<DIV>Karl</DIV><BR><BR><B><I>Steve Blair <blairs@isc.upenn.edu></I></B> wrote:
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><BR>I seem to remember that one of the parameters in the modparam <BR>statement for the<BR>auth module will determine if passwords are stored in clear text or <BR>encrypted. I am<BR>away from my office, and system, right now and cannot confirm this. <BR>Check the auth<BR>module documentation perhaps the answer is there.<BR><BR>Dave Bath wrote:<BR><BR>> Karl,<BR>><BR>> <BR>><BR>> You could try using radius authentication. Just google the archives <BR>> for some docs on how to use it.<BR>><BR>> <BR>><BR>> Dave<BR>><BR>> <BR>><BR>> ------------------------------------------------------------------------<BR>><BR>> *From:* serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] <BR>> *On Behalf Of *karl<BR>> *Sent:* 12 October 2004 08:13<BR>> *To:* serusers@lists.iptel.org<BR>> *Subject:* [Serusers] Avoiding storing passwords in
mysql "subscriber" <BR>> tablein clear-text<BR>><BR>> <BR>><BR>> Hi guys,<BR>><BR>> <BR>><BR>> I would appreciate if someone may help me on the subject. While still <BR>> requiring users to be authenticated against user credentials <BR>> (username, password, realm), on the other hand I want to avoid storing <BR>> passwords in clear text in mysql "subscriber" table. Any ideas?<BR>><BR>> <BR>><BR>> Thank you in advanced.<BR>><BR>> <BR>><BR>> Best regards,<BR>><BR>> <BR>><BR>> Karl<BR>><BR>> ------------------------------------------------------------------------<BR>><BR>> Do you Yahoo!?<BR>> vote.yahoo.com <HTTP: vote.yahoo.com>- Register online to vote today!<BR>><BR>>------------------------------------------------------------------------<BR>><BR>>_______________________________________________<BR>>Serusers mailing
list<BR>>serusers@lists.iptel.org<BR>>http://lists.iptel.org/mailman/listinfo/serusers<BR>> <BR>><BR><BR>_______________________________________________<BR>Serusers mailing list<BR>serusers@lists.iptel.org<BR>http://lists.iptel.org/mailman/listinfo/serusers<BR></BLOCKQUOTE></DIV><p>__________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com