[icecast] details of HTTP Basic auth for icecast2
msmith at labyrinth.net.au
Tue Aug 20 14:06:38 UTC 2002
At 08:49 AM 8/20/02 +0200, you wrote:
>Michael Smith wrote:
>> Currently, "source". Other suggestions welcome.
>I guess the current working semantics don't need anything more
>complicated. If the need rises to provide more complex access control,
>userid / password pairs could be defined in the icecast config file. e.g.:
>user1 / password1 allowed to connect as source /source1*
>user2 / password2 allowed to connect as source /source2*
>or something like that. this would make it possible to give different
>users a safe way to provide their sorces to the same server, but not
>interfere with each other.
Yes - that was part of the longer-term plan, and a substantial part
of the reason why I wanted to move to a better/more standard auth
>> I'm not sure. I understand your misgivings about it being
>> not-quite-HTTP, but I'm not sure if there's a better solution. I
>> changed the authentication to using HTTP auth because HTTP _does_
>> provide a standard way to do it, but the rest it doesn't - and
>> we still want that information (the rest of it is optional,
>> remember, leaving SOURCE as the only mandatory non-HTTP part. I
>> considered using PUT instead of SOURCE, and I could still be
>> swayed on that, but the semantics seemed sufficiently different
>> to keep them seperate).
>> Ideas are welcome.
>Looking at the HTTP 1.1 RFC 2616:
I'm really tired, so I won't respond to all of this in detail (except to
note that I agree with your conclusions generally), but:
icecast2 is deliberalely NOT an HTTP 1.1 server. Implementing
a minimal subset of HTTP/1.1 is (rough guess) an order of
magnitude more complex than a minimal HTTP/1.0 server.
>we can think of SOURCE as an extension-method. regarding responses to
>different methods, the RFC says that a 501 (Not Implemented) response
>should be given to all unimplemented methods (I wonder if this is done
>so), and that "methods GET and HEAD MUST be supported by all
>general-purpose servers" (most probably done already).
<p>Right. HEAD isn't implemented, but calling icecast2 a "general purpose
server" would also be pretty inaccurate :-)
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast