View previous topic :: View next topic |
Author |
Message |
bbk
Joined: 15 Oct 2005 Posts: 79
|
Posted: Sun Feb 12, 2006 11:26 pm Post subject: souce client authentification process in detail |
|
|
hello
i hope it is not too off topic here but actually i had and will have some kind of authentification problem within sources.
next week i will stream from a location where is quite a restrictive firewall in place where i will have no access.
last year i was there as well and i had the following problem:
i can connect me to the icecast server with "telnet myserver 8000" it comes up with http kind of.... ok that tells me as far as i know the port is open on the firewall.
but can it be it is just one direction?
because when i try to connect me with the source client i get no connection. i don't have the exact entry in the log but it came up with a source connection but an authentification failure.
how is the authentification of the source client done?
a) does the client connect to the server -> gets respond with the question to send authentification data -> sends authetification data -> gets ok.
b) does the client connect to the server -> gets respond from the server -> sends authentification -> gets ok. _________________ ::bbk::
http://audioasyl.net |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Mon Feb 13, 2006 1:12 am Post subject: |
|
|
The process is just like a web request, a connection is established at the TCP level, then the source client sends headers along with the user/pass and then waits for the OK or failed response. When you are dealing with firewalls, a restrictive one will stop the TCP connection from being established so the header and authentication stage won't ever be reached.
karl. |
|
Back to top |
|
|
bbk
Joined: 15 Oct 2005 Posts: 79
|
Posted: Mon Feb 13, 2006 2:26 pm Post subject: http-header maybe? |
|
|
hello
thank you for your explaination.
ok so it is almost like the same as when authentification is done within apache right?
so the only thing that is different as the port 8000 is open is the http-header.
do you think it is possible the firewall is checking the headers if they are "good" http headers, i have in mind that icecast uses a modified http-header? _________________ ::bbk::
http://audioasyl.net |
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Mon Feb 13, 2006 4:31 pm Post subject: |
|
|
A firewall shouldn't be testing for it, http is not like say ftp in which you have to deal with 2 connections so tracking needs to be done. If a proxy is involved (transparent or not) then that may have an issue.
karl. |
|
Back to top |
|
|
|