Dave St John
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
Ahh very nice, so how could i add like a MySQL module where usernames and passwords are stored in a MySQL db? can that be created by a third party or does it have to be created internaly? <p>Dave St John Mediacast1 Administration Need Support ? http://mediacast1.com/helpdesk ----- Original Message ----- From: "Michael Smith" <msmith@xiph.org> To: <icecast-dev@xiph.org> Sent: Thursday, April 01, 2004 11:51 PM Subject: Re: [icecast-dev] icecast2 ogg vorbis client request headers <p>> On Friday 02 April 2004 16:00, Dave St John wrote:> > hmmm. never heard of svn > > so we can no longer use cvs? > > Xiph.Org has started using 'Subversion' (commonly abbreviated 'SVN')instead> of CVS - so all new development is happening in the subversion repository. > > > > > >Let me know if you want more details. > > > > Absolutely, spill the beans im all ears :) > > Well, we now have client authentication. Off by default, of course. > > The design allows plugging in new authentication modules (though not > dynamically loading them) relatively easily. Currently only one method is > implemented - "htpasswd". > > With this authentication method, there's one configuration parameter: > "filename" - pointing at an htpasswd file. This is similar to apache's > htpasswd files (though more limited, I think). > > Each line in the file consists of a username, and an md5 hash of thepassword.> We don't currently have a tool to create these automatically. Writing one > would be fairly simple. > > To configure it, open your main icecast config file, and add a <mount>section> as normal for the mountpoint you want this on. Then add an authentication > node inside it, so it'll look something like this: > > <mount> > <mount-name>/authenticated-mountpoint.ogg</mount-name> > <authentication type="htpasswd"> > <option name="filename" value="/path/to/your/password/file"/> > </authentication> > </mount> > > All pretty straightforward apart from the lack of a tool to create the > password file. Using fairly standard unix tools, you can use this to getthe> md5sum you'll need (using a test password of 'foobar': > echo -n "foobar" | md5sum > > This will print out something like > 3858f62230ac3c915f300c664312c63f - > > You can then add it to your password file as follows (in this example, the > user is called "testuser"). Open up the password file, and add a new line, > containing: > testuser:3858f62230ac3c915f300c664312c63f > > So, there you go. > > Proper tools for creating this file will be added eventually. > > Mike > > > --- >8 ---- > List archives: http://www.xiph.org/archives/ > icecast project homepage: http://www.icecast.org/ > To unsubscribe from this list, send a message to'icecast-dev-request@xiph.org'> containing only the word 'unsubscribe' in the body. No subject is needed. > Unsubscribe messages sent to the list will be ignored/filtered. ><p>--- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
On Fri, 2 Apr 2004, oddsock wrote:> a simple conversation protocol will be developed, but you can expect something > like the following : > > 1. client connects to mount point > 2. icecast makes a URL call passing in mountpoint, username, passwordcyrus-sasl can handle this, but I'm not sure if people like to figure out how to configure cyrus-sasl. what about just a local script that decides the authentication outcome, and such a program can connect to another URL, or do sasl lookup, etc. furthermore, I think it makes sense to also pass on the IP address of the client. the "ice-auth script" would take several arguments (tentatively). ice-auth <ip address> <mountpoint> <username> <password> and possibly let the stdout tell what to do. this should be very easy to implement and debug, and the performance on Unix should be okay (though ... oh well, on Windows, this is more expensive).> 3. icecast checks the return of the URL call and either allows the client to > proceed, or disconnects immediately.Or be served an alternative stream (such as an mp3 recording of a gentle voice, "you're not allowed to listen ... blah blah blah"). Redirection probably doesn't work since a number of clients don't support response 302 Moved. So the alternative stream has to be served implicitly. liulk --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
I think the plan is to add a URL based authentication, which would allow you to make a call to an arbitrary script (PHP, CGI, etc) which could do whatever you'd like (look up users in a mySQL db, look up in a local file, whatever)...this, I think, provides the most flexibility, and also pushes off alot of the authentication logic off of icecast where it doesn't really belong... a simple conversation protocol will be developed, but you can expect something like the following : 1. client connects to mount point 2. icecast makes a URL call passing in mountpoint, username, password 3. icecast checks the return of the URL call and either allows the client to proceed, or disconnects immediately. 4. client disconnects, icecast would also probably make a URL call which would communicate the disconnect.. also keep in mind, this isn't implemented yet, and is still on the drawing board...but this is on the icecast todo list.. :) oddsock At 02:37 AM 4/2/2004, you wrote:>Ahh very nice, so how could i add like a MySQL module >where usernames and passwords are stored in a MySQL db? >can that be created by a third party or does it have to be created >internaly? > > >Dave St John >Mediacast1 Administration > >Need Support ? >http://mediacast1.com/helpdesk >----- Original Message ----- >From: "Michael Smith" <msmith@xiph.org> >To: <icecast-dev@xiph.org> >Sent: Thursday, April 01, 2004 11:51 PM >Subject: Re: [icecast-dev] icecast2 ogg vorbis client request headers > > > > On Friday 02 April 2004 16:00, Dave St John wrote: > > > hmmm. never heard of svn > > > so we can no longer use cvs? > > > > Xiph.Org has started using 'Subversion' (commonly abbreviated 'SVN') >instead > > of CVS - so all new development is happening in the subversion repository. > > > > > > > > >Let me know if you want more details. > > > > > > Absolutely, spill the beans im all ears :) > > > > Well, we now have client authentication. Off by default, of course. > > > > The design allows plugging in new authentication modules (though not > > dynamically loading them) relatively easily. Currently only one method is > > implemented - "htpasswd". > > > > With this authentication method, there's one configuration parameter: > > "filename" - pointing at an htpasswd file. This is similar to apache's > > htpasswd files (though more limited, I think). > > > > Each line in the file consists of a username, and an md5 hash of the >password. > > We don't currently have a tool to create these automatically. Writing one > > would be fairly simple. > > > > To configure it, open your main icecast config file, and add a <mount> >section > > as normal for the mountpoint you want this on. Then add an authentication > > node inside it, so it'll look something like this: > > > > <mount> > > <mount-name>/authenticated-mountpoint.ogg</mount-name> > > <authentication type="htpasswd"> > > <option name="filename" value="/path/to/your/password/file"/> > > </authentication> > > </mount> > > > > All pretty straightforward apart from the lack of a tool to create the > > password file. Using fairly standard unix tools, you can use this to get >the > > md5sum you'll need (using a test password of 'foobar': > > echo -n "foobar" | md5sum > > > > This will print out something like > > 3858f62230ac3c915f300c664312c63f - > > > > You can then add it to your password file as follows (in this example, the > > user is called "testuser"). Open up the password file, and add a new line, > > containing: > > testuser:3858f62230ac3c915f300c664312c63f > > > > So, there you go. > > > > Proper tools for creating this file will be added eventually. > > > > Mike > > > > > > --- >8 ---- > > List archives: http://www.xiph.org/archives/ > > icecast project homepage: http://www.icecast.org/ > > To unsubscribe from this list, send a message to >'icecast-dev-request@xiph.org' > > containing only the word 'unsubscribe' in the body. No subject is needed. > > Unsubscribe messages sent to the list will be ignored/filtered. > > > > >--- >8 ---- >List archives: http://www.xiph.org/archives/ >icecast project homepage: http://www.icecast.org/ >To unsubscribe from this list, send a message to >'icecast-dev-request@xiph.org' >containing only the word 'unsubscribe' in the body. No subject is needed. >Unsubscribe messages sent to the list will be ignored/filtered.<p>--- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Geoff Shang
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
Hi: My guess is that the ability to ask an external program for the authorisation information could be implemented, much like the script playlist method. Geoff. <p>--- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Michael Smith
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
On Friday 02 April 2004 23:44, Geoff Shang wrote:> Hi: > > My guess is that the ability to ask an external program for the > authorisation information could be implemented, much like the script > playlist method. >That's a definate possibility. Would be easy and reasonably flexible. Mike --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Michael Smith
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
On Saturday 03 April 2004 02:22, oddsock wrote:> I think the plan is to add a URL based authentication, which would allow > you to make a call to an arbitrary script (PHP, CGI, etc) which could do > whatever you'd like (look up users in a mySQL db, look up in a local file, > whatever)...this, I think, provides the most flexibility, and also pushes > off alot of the authentication logic off of icecast where it doesn't really > belong...That was your plan. My plan is to provide what currently exists (htpasswd-like) and a 'script' authenticator which just calls an external program, as Geoff described. Both are, of course, possible. Your "URL call" (this is a very strange way to describe it, by the way - I assume you mean "HTTP connection") approach is much more complex to implement well, though, without obviously being more powerful. Mike --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Michael Smith
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
On Friday 02 April 2004 18:37, Dave St John wrote:> Ahh very nice, so how could i add like a MySQL module > where usernames and passwords are stored in a MySQL db? > can that be created by a third party or does it have to be created > internaly? >This certainly could be added - it needs some basic support internally to know which functions to call, but that's easy. Of course, this would require someone with knowledge of how to do this (presumably using the MySQL client libraries) to write the authentication backend for it. Mike --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Dave St John
2004-Aug-06 14:57 UTC
[icecast-dev] icecast2 ogg vorbis client request headers
> This certainly could be added - it needs some basic support internally toknow> which functions to call, but that's easy. Of course, this would require > someone with knowledge of how to do this (presumably using the MySQLclient> libraries) to write the authentication backend for it.or at least something that would either accept an internal MySQL plugin(mysql tables for basic user auth) or accept external MySQL plugin, could be written in perl/php whatever, icecast2 just looks for certain a script protocol and process's them accordingly. <p>Dave St John Mediacast1 Administration Need Support ? http://mediacast1.com/helpdesk ----- Original Message ----- From: "Michael Smith" <msmith@xiph.org> To: <icecast-dev@xiph.org> Sent: Sunday, April 04, 2004 6:37 PM Subject: Re: [icecast-dev] icecast2 ogg vorbis client request headers <p>> On Friday 02 April 2004 18:37, Dave St John wrote:> > Ahh very nice, so how could i add like a MySQL module > > where usernames and passwords are stored in a MySQL db? > > can that be created by a third party or does it have to be created > > internaly? > > > > This certainly could be added - it needs some basic support internally toknow> which functions to call, but that's easy. Of course, this would require > someone with knowledge of how to do this (presumably using the MySQLclient> libraries) to write the authentication backend for it. > > Mike > > --- >8 ---- > List archives: http://www.xiph.org/archives/ > icecast project homepage: http://www.icecast.org/ > To unsubscribe from this list, send a message to'icecast-dev-request@xiph.org'> containing only the word 'unsubscribe' in the body. No subject is needed. > Unsubscribe messages sent to the list will be ignored/filtered. ><p>--- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-dev-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.