[Icecast-dev] Authentication

Karl Heyes karl at xiph.org
Tue Feb 28 09:01:00 PST 2006

mtyler at grandecom.net wrote:
> Hi,
> I'm working with the authentication setup in Icecast 2.3.1. I have authorizing
> live streams down, but I'm having issues with static files that I want to also
> serve.

you can specify listener auth for files, although the mechanism is 
fairly new so not all things apply to files yet.

> I attempted creating a specific mount with typical auth configuration for
> add/remove listener. Do I need the add/remove mount options. Can I specify a
> general mount point for a directory and then add mounts via add_mount directive
> will retaining the ability to auth the users? Or should I create a direct mount
> (including full path) to static file with maybe an alias?

The mount_add/remove don't apply to files, when would they apply? The 
<mount> tags apply to specific files (in webroot), you cannot currently 
use a directory or wild card specifier yet group a series of files under 
the same auth.

> Also, It might be me not setup correctly, but should I be able to pass user/pass
> info along with call to mount point in a form or link to authenticate a user
> without having a password prompt show up? I want my users to log into my site
> for static downloads but once they are logged in, they shouldn't be prompted
> for a password. But, if they try to download direct without authenticating,
> they then should be required to auth. Can I do this?

It's up to the playing apps to request a user/pass if one is required 
but if you pass back an m3u with the required use/pass and/or query args 
then they can be passed for verification by icecast.  Whether you get 
icecast or your own web engine (eg php) to generate the m3u is up to you.

> If I attempt to specify http://user:pass@localhost/secure.ogg.m3u it prompt that
> I'm attempting to connect to a site that doesn't require logging in. I believe
> this doesn't show via form submission on <a href>...?

the /auth.xsl file is an example of how you could generate an m3u with 
icecast using a user/pass, it uses /admin/buildm3u.

> Haven't tried, but what happens when I have 2 mounts with the same alias? So if
> I wanted to have localhost:8000/stream/directory/directory/file use
> add_listener directive to 8000action.php and
> localhost:8001/stream/directory/directory/file use add_listener direct to
> 8001action.php both with an alias of /file.ogg but on 8000 and 8001. Does this
> need to happen on two instances of icecast running simutaniously or can I do
> this on one?

if you have one icecast listening on both ports then those urls refer to 
the same file, it's not an alias. The port that the connection came in 
is not currently passed, that could be done I guess.

> One last thing :)
> Can I pass extra variables besides the user/pass? Like
> http://localhost:8000/secure.ogg.m3u?favoritecolor=rednoblue
> or in a FORM with a GET method to pass custom variables for further user
> validation?

yes, query args can be sent, they get encoded as part of the 'mount=' 
setting. AFAIK a generated m3u with links involving query args works in 
most players, so an m3u containing


should work as well.


More information about the Icecast-dev mailing list