NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

authentication scheme to share password between bozohttpd and asterisk

I have a separate thread going on to setup webrtc with asterisk on

I have an existing website that uses stock bozohttpd on NetBSD. It uses
.htpasswd aka basic authentication. The passwords are stored using
blowfish encryption.

Whenever I open up use of sip/webrtc to users, as far as possible I don't
want them to be bothered with yet another password and preferably not even
ask to enter the same password when using the webrtc app.

Firstly asterisk doesn't seem to support blowfish. It supports md5, which
bozohttpd also does (I guess). So I may have to have all passwords reset
once - which is not so good, but acceptable. That may solve the `no 2
passwords' requirement.

But I'd prefer not to prompt for a password for asterisk if the user has
reached the landing page of webrtc app with basic auth. That seems
difficult, as browser will have to send the credentials to asterisk
directly. [I can possibly have a separate asterisk password which I can
return to the browser to let it send it to asterisk, but that may be
somewhat insecure.]


Home | Main Index | Thread Index | Old Index