Back to old issue: I believe there still will be lots of endpoints supporting H.235 in form of MD5. Apart from modifications needed in radius server, we also need to modify something in gk, right? Otherwise it just complains about missing m_tokens and rejects a call... What should be modified there? Any ideas? Regards, Aivis -----Original Message----- From: openh323gk-users-admin@lists.sourceforge.net [mailto:openh323gk-users-admin@lists.sourceforge.net]On Behalf Of Zygmuntowicz Michal Sent: Saturday, October 25, 2003 1:50 PM To: openh323gk-users@lists.sourceforge.net Subject: Re: Radius selection No, it supports H.235, but only in form of MD5 hashed password. The radius does not support this H.235 security scheme. For radius, CAT (Cisco Access Token) needs to be used as H.235 algorithm. Something like that: tokens = 1 entries { [0]={ tokenOID = 1.2.840.113548.10.1.2.1 timeStamp = 1066818725 challenge = 16 octets { b9 e8 9d b2 65 4c 70 be ca 3a 92 00 f9 fc d9 b8 ....eLp..:...... } random = 125 generalID = 8 characters { 007a 0076 0069 0073 0069 006f 006e 0000 1002 } } } Another options is to develop FreeRadius rlm module that will accept H.235 MD5 pwdHash - it should not be too difficult - a way the hash is calculated can be seen in h235auth.cxx (H235AuthSimpleMD5). But this solution will be FreeRadius specific... ----- Original Message ----- From: "Aivis Olsteins" <aivis@datatechlabs.com> Sent: Friday, October 24, 2003 2:58 PM > Question: having this entry below in RRQ means that endpoint does not > support H.235 , correct? > > cryptoTokens = 1 entries { > [0]=cryptoEPPwdHash { > alias = h323_ID 4 characters { > 0031 0030 0030 0032 1002 > } > timeStamp = 1725906845 > token = { > algorithmOID = 1.2.840.113549.2.5 > paramS = { > } > hash = Hex: 09 03 95 fc 72 6e 6a 9f 46 00 75 1d 05 3d 88 46 > } > } > } ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
