Re: LDAP through PostgreSQL stored procedures

Clear text passwords are expected when communicating between
GnuGk and SQL backends.

I would not expect endpoints to send clear text passwords (so you
could use them inside SQL modules). Endpoints usually send password hashes.

----- Original Message ----- 
From: "Jerome Alet" <alet@xxxxxxxxxxxxxxxxx>
Sent: Friday, May 11, 2007 12:43 AM


> Hi there,
>
> Since GNU Gk doesn't support LDAP anymore, I'm currently coding a
> PostgreSQL stored procedure to be able to retrieve any data
> I need from an LDAP server through a simple SELECT SQL statement.
>
> This procedure is written in the PlPythonU language, which is
> unrestricted Python embedded in PostgreSQL, unrestricted so I can
> import ldap modules and the like.
>
> This works perfectly outside of GNU Gk.
>
> Now I want to integrate this into GNU Gk, and I can see no reason
> why this wouldn't work (I can't do this right now I'm at home).
>
> What I need to do is :
>
>  - have my endpoints ask for a password when people want to register a
>    particular alias with the gatekeeper.
>
>  - optionally, enforce a particular alias given a username (H.323 ID).
>
> What I planned to do is this :
>
>  - Use [SQLPasswordAuth] and in my Python stored procedure do this :
>
>        1 - Retrieve password from LDAP based on unique alias number.
>
>        2 - Return this password from my stored procedure :
>
>  SELECT fromldap('ldap://ldap.example.com:389',      -- server
>                  'cn=admin,dc=example,dc=com',       -- admin DN
>                  'ldapadminpassword',                -- admin PW
>                  'ou=aliases,dc=example,dc=com',     -- base
>                  'aliasAttributeName',               -- fake attribute name
>                  '%1')                               -- alias
>         AS h235password;
>
> BUT... Nowhere in the documentation of GNU Gk is specified which
> password encryption algorithm is expected for the h235password
> value, if any.
>
> So I'd like to know what sort of password is expected by GNU Gk
> when it will check.
>
> What would be even better, would be for the password coming from the
> endpoint, if it is clear text to be passed to the SQLPasswordAuth
> module as a third parameter, this way the LDAP extraction routine
> could be rewritten as a simple LDAP bind attempt, leaving the
> password checking work to the LDAP server. The routine would simply
> return the password as-is so except for the third parameter this
> would be transparent, or maybe an additional query should be allowed
> for SQLPasswordAuth, like 'CheckPWQuery' in addition to 'Query',
> with different semantics.
>
> Finally, if I combine two such stored procedures with in this
> order SQLAuth and SQLPasswordAuth, and use SQLAuth's RegQuery to
> enforce a particular alias given a particular H.323 ID, will SQLAuth
> use the new alias, or the one coming from the endpoint ?
>
> Thanks in advance for any information or comment on this subject.
>
> PS : if anyone is interested in the code I wrote, or if you want to
> include it as an example in GNU Gk, please tell and I'll send it to
> you tomorrow.
>
> bye
>
> Jerome Alet

