Icecast Streaming Media Server Forum Index Icecast Streaming Media Server
Icecast is a Xiph Foundation Project
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Annoying? auth for relays/clients

 
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Feature Requests
View previous topic :: View next topic  
Author Message
Anonymous
Guest





PostPosted: Fri Apr 20, 2007 8:54 pm    Post subject: Annoying? auth for relays/clients Reply with quote

Hi Wink

I'm willing to switch over from shoutcast to icecast on a head relay, at least for testing purpose, but I'm a little bit worried about the way icecast handles auth of the client. I won't have an easy access to the firewall configuration of the "master" server, and the (client) relays will be using shoutcast probably, which, AFAIK, doesn't support password auth.

Icecast supports HTTP auth, but if I was to use it, it would merely only add a possible point of failure to my architecture, or I would have to do some dirty hack to have some http "always available" to the icecast server. I really would like to know how hard it could be to have the same kind of thing icecast already handles for htpasswd auth : an restricted IP list that could be loaded directly on icecast, with no external auth request.

I've been looking around and haven't found an all-baked solution for such a thing, but instead some workarounds (http auth is one as I see it, using a firewall needs a "heavy" access to the serv, shoutcast servers can't handle authenticated relaying...)

I'm really looking forward to have something simple here (and yes, kind of monolithic externally, having icecast managing more, if that's really more to handle Wink), and I think it could really help to have such a mechanism which could be managed from the web interface, as shoutcast does, and as icecast already does for htpasswd thing.

Thanks for reading this Wink
Back to top
karlH
Code Warrior
Code Warrior


Joined: 13 Jun 2005
Posts: 5476
Location: UK

PostPosted: Fri Apr 20, 2007 10:57 pm    Post subject: Reply with quote

Usually people ask for banning IPs/useragents rather than only accepting certain a limited set. I only have a ban option in -kh but you could use url auth for those mountpoints being relayed and have the listener_add script check the IP of the listener against a list. You shouldn't need to provide any user/pass credentials from any shoutcast relayers then.

karl.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Anonymous
Guest





PostPosted: Fri Apr 20, 2007 11:24 pm    Post subject: Reply with quote

Banning looks fine too, but limited in case someone wants to be nasty. I mean, my head server is not to be used by any real listeners, but only to broadcast to leaves, final relays.

As I told for the URL auth thing, the problem is I have to set up a server or use one that should "never fail" to answer for the given IP list.. that's a lot to do when you think about full redundancy of service and it's a kind of critical one : webserver down, in case a relay needs to reconnect, it can't ? so I should not only think about the stream full time availability but also the webserver and so on..

I know, it can be done this way, but having server relying on servers that relies on others and so one is something I'd really like to avoid. And right, hack a bit to set something like a local http server to answer the requests may look funny, but once again, one thing more to maintain, set up blabla... Hence my request in fact Wink
Back to top
karlH
Code Warrior
Code Warrior


Joined: 13 Jun 2005
Posts: 5476
Location: UK

PostPosted: Sat Apr 21, 2007 12:21 am    Post subject: Reply with quote

An allowed only list could be added if need be, it's only a slight variation of the banned list but it depends on whether you want a working setup now or not. You didn't mention url auth, only htpasswd so that is why I suggested it.

karl.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Anonymous
Guest





PostPosted: Sat Apr 21, 2007 12:41 am    Post subject: Reply with quote

Sorry, the http auth I was talking about was the url thing but right, both uses http hehe..
As "always", the sooner, the better, but I have no idea how your roadmap is, and as I probably won't have time to code it myself, I'll wait quietly Smile

Thanks for your fast answer Wink
Back to top
Anonymous
Guest





PostPosted: Fri May 04, 2007 1:25 am    Post subject: Reply with quote

OK, this works and will prove useful, thanks a lot for adding it!

Now, how hard could it be to be able to edit it using the web interface, the same way the htpasswd list is maintained? It could also be used to maintain the banlist and any other settings in the future which relies upon a simple file, so it could be more general maybe than just a code duplication / mod.. What do you think about that?
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Icecast Streaming Media Server Forum Index -> Feature Requests All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
subRebel style by ktauber