Jerome, this is not contradictory. After receiving a clear test password from the backend, GnuGk makes a proper hash of it (depending on hash parameters used by the endpoint) and compares both hashes. Hashes are usually dynamic (which means they depend on the password and some dynamic parameter), so it's usually not possible to store them in the database. Your backend would have to know the password, the dynamic value and the hash method used. Although it's possible to implement, in most cases it's simpler to return a clear text password from the database and let GnuGk to do the job. ----- Original Message ----- From: "Jerome Alet" <alet@xxxxxxxxxxxxxxxxx> Sent: Friday, May 11, 2007 10:26 AM > On Fri, May 11, 2007 at 09:34:22AM +0200, Zygmuntowicz Michal wrote: >> Clear text passwords are expected when communicating between >> GnuGk and SQL backends. >> >> I would not expect endpoints to send clear text password (so you >> could use them inside SQL modules). Endpoints usually send password >> hashes. > > I'm sorry but I don't understand what you are saying, because to me > it is self contradictory. > > I'm not talking about the password used to connect to the SQL backend > itself. > > I'm talking about the password (h235password) I must return to GNU GK > SQLPasswordAuth query. > > If I return a clear text password, but endpoints register with a hash, > is GNU GK able to check if they match ? > > If I return a hash, and endpoints register with a hash, then it's > easy to see if they match BUT the hashing must be the same. > > So : which type of password should I return in the h235password > column from my SQL query ? clear or hashed, and if hashed which > hashing algorithm ? > > Currently my LDAP server doesn't contain any h235 or h350 related > information, so I'm completely free to store whatever I want, > but I must know what to store before doing it. > > Thanks in advance > > Jerome Alet ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
