[icecast-dev] User authentication schemes

oddsock oddsock at oddsock.org
Fri Jan 30 06:55:33 PST 2004 


At 01:16 PM 1/26/2004, you wrote:

>What about SOAP (or would this be an RPC)? When a client connects, a SOAP 
>object is sent to the subscription/authorization server containing the 
>username, password and requested mount. The auth server can then process 
>this and return true or false. Then when the client logs off, another 
>object would be sent to note that event. The cool thing about this is that 
>you can write whatever authorization logic you'd like. Icecast just has to 
>send the objects (and get a response when someone is logging on) with no 
>knowledge of how the decision to authenticate or not is made. Or is there 
>better/easier protocol or method to use to get the same effect?
>
>I would guess this could also be done with URL calls as well but how would 
>Icecast accept the response? Is this ability built into the httpp library?
this approach is pretty much exactly what I was thinking, although I don't 
think SOAP is necessarily the right approach, a simple URL call will 
suffice for this...the communication protocol would be fairly 
simple...Icecast passed user/pass/mount info via a URL call, and the URL 
call must respond with certain specified HTTP response headers indicating 
success or failure, and based on those responses icecast would accept or 
deny the client.

the downside is that this would require plaintext users and password being 
sent over the wire, although since they are already coming IN using simple 
HTTP authentication, this is already being done, so not much different if 
you ask me..

we have alot of the infrastructure for URL calls already in icecast (due to 
the YP listing code which uses it) and so we can re-use alot of that.

Mike has also implemented a simpler approach, which is also very useful and 
works the way apache .htpasswd files work.  I think supporting both 
mechanisms is a good thing and will probably be the approach we go with.

oddsock 

<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast-dev mailing list