[Icecast] HTPasswd format and protecting XSL pages
geoff at QuiteLikely.com
Sun Jan 29 12:21:47 PST 2012
I had a need to look at icecast.org yesterday. Despite the fact that it
had been there for over 3 years (since the last release), I only just
noticed that XSL pages can be password-protected using the same auth
mechanism available to other items. I was very interested in this as I
wanted to be able to protect our stats info without giving those with a
right to access it the admin password of the server.
Unfortunately, the Icecast documentation didn't give an example of how to
do this. It did talk about authentication in general and how to apply it
(http://icecast.org/docs/icecast-2.3.2/icecast2_listenerauth.html) so I
took that as a starting point.
I added a <mount> section and used "/status.xsl" as the mount-name and
used the auth example found in one of the config files. All well and good
- instead of the page coming up straight away, I got an authentication
prompt. But this is about as far as I got.
Since I want to use the same credentials as an area of the website, I
thought that maybe I could use the .htpasswd file I use for that. It
So I did a bit of searching and turned up
http://www.barnyardbbs.com/Projects/Streaming/ where it is asserted that
Icecast2 htpasswd files use MD5 hashes (the Icecast2 documentation doesn't
say what is used). So I reran htpasswd(1) with the -m switch and
recreated the entry in the .htpasswd file in use for the website, in order
to encode it with MD5 instead of CRYPT. But this didn't make any
difference either - I still couldn't authenticate.
So I gave up doing this and decided to try doing what the manual says to
do - use the admin interface to create the entries in the HTPasswd file.
But I hit a problem - a rather obvious problem in that /status.xsl is not
an active source which can be clicked on. So I tried going to
/admin/manageauth.xsl but nothing showed up there either. And I tried
/admin/manageauth.xsl?mount=/status.xsl but I got a 400 Bad Request error
with the message "Source does not exist".
So I'm somewhat stuck. The Icecast release announcement for 2.3.2 says
this can be done, and the config file part of it seems to work. But I
can't see how I'm meant to either generate the htpasswd file externally in
such a way that Icecast2 can understand it, or persuade Icecast2 itself to
do it when it's not a traditional source as such.
Any advice anyone could give would help.
More information about the Icecast