[Icecast] HTPasswd format and protecting XSL pages

Sun Jan 29 20:21:47 UTC 2012

Hi,

I had a need to look at icecast.org yesterday.  Despite the fact that it 
had been there for over 3 years (since the last release), I only just 
noticed that XSL pages can be password-protected using the same auth 
mechanism available to other items.  I was very interested in this as I 
wanted to be able to protect our stats info without giving those with a 
right to access it the admin password of the server.

Unfortunately, the Icecast documentation didn't give an example of how to 
do this.  It did talk about authentication in general and how to apply it 
to mounts 
(http://icecast.org/docs/icecast-2.3.2/icecast2_listenerauth.html) so I 
took that as a starting point.

I added a <mount> section and used "/status.xsl" as the mount-name and 
used the auth example found in one of the config files.  All well and good 
- instead of the page coming up straight away, I got an authentication 
prompt.  But this is about as far as I got.

Since I want to use the same credentials as an area of the website, I 
thought that maybe I could use the .htpasswd file I use for that.  It 
didn't work.

So I did a bit of searching and turned up 
http://www.barnyardbbs.com/Projects/Streaming/ where it is asserted that 
Icecast2 htpasswd files use MD5 hashes (the Icecast2 documentation doesn't 
say what is used).  So I reran htpasswd(1) with the -m switch and 
recreated the entry in the .htpasswd file in use for the website, in order 
to encode it with MD5 instead of CRYPT.  But this didn't make any 
difference either - I still couldn't authenticate.

So I gave up doing this and decided to try doing what the manual says to 
do - use the admin interface to create the entries in the HTPasswd file. 
But I hit a problem - a rather obvious problem in that /status.xsl is not 
an active source which can be clicked on.  So I tried going to 
/admin/manageauth.xsl but nothing showed up there either.  And I tried 
/admin/manageauth.xsl?mount=/status.xsl but I got a 400 Bad Request error 
with the message "Source does not exist".

So I'm somewhat stuck.  The Icecast release announcement for 2.3.2 says 
this can be done, and the config file part of it seems to work.  But I 
can't see how I'm meant to either generate the htpasswd file externally in 
such a way that Icecast2 can understand it, or persuade Icecast2 itself to 
do it when it's not a traditional source as such.

Any advice anyone could give would help.

Thanks,
Geoff.