Airtime Icecast User Authentication
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    We would like to limit connections to our icecast stream to authenticated users. Icecast has the ability to do authentication via a URL however I don't see any configuration options in airtime to allow specification of the URL.  Has anyone done something like this?  Can you point me in the right direction?

    Thanks


    Post edited by Walt Baldwin at 2015-01-20 16:39:31
  • 9 Comments sorted by
  • Vote Up0Vote Down Voisses TechVoisses Tech
    Posts: 1,423Member
    Each Mount point can carry its own authentication read here http://icecast.org/docs/icecast-2.4.1/auth.html


    and I have include the mount set up and place comment above the relevant sections

    Although the version I show above is for 2.4,The other versions are here




    sample_mount.txt
    2K
    Anyone reading this a find it funny about my grammar , I make no apology ,Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others mistakes avoid Making mistakes there is not sufficient rooms to make them"
    "Innuendo","If's","Assumptions" and "Fear" are for politician.Who,What,where,When and How are for those seeking knowledge and care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog(pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you,until our path or destiny bring us in tandem.
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    Thanks for the response.  I have what I think should be a working conf per the docs:

      <mount>
            <mount-name>/airtime_128</mount-name>
            <authentication type="url">
                <option name="listener_add" value="http://ourserver.org/auth"/>
            </authentication>
      </mount>

    i have verified that the auth path returns either "icecast-auth-user: 1" or "icecast-auth-user: 0" appropriately.  however the browser always presents an http basic auth username/password dialog.

    log file contains the following:

    INFO auth_url/url_add_listener client auth (http://user:pass@server/icecast_url_auth) failed with ""

    curl returns:

    curl -i http://user:password@server/icecast_url_auth

    HTTP/1.1 200 OK
    Date: Fri, 23 Jan 2015 21:27:28 GMT
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.3.3
    Expires: Sun, 19 Nov 1978 05:00:00 GMT
    Last-Modified: Fri, 23 Jan 2015 21:27:28 GMT
    Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
    ETag: "1422048448"
    icecast-auth-user: 1
    icecast-auth-message: OK
    Content-Language: en
    Content-Length: 24
    Connection: close
    Content-Type: text/html; charset=UTF-8

    any suggestions would be appreciated.
    Post edited by Walt Baldwin at 2015-01-23 16:34:31
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    Has anyone successfully configured icecast URL authentication?
  • Vote Up0Vote Down Voisses TechVoisses Tech
    Posts: 1,423Member
    Just was busy
    I did this long ago but I almost sure you have to set up some form of htacces pass,but I will look at it again(do not have access to that server now because the person used it for premium listeners)but I will find my notes which is in state of confusion.
    Soon post solution
    Post edited by Voisses Tech at 2015-01-26 10:37:24
    Anyone reading this a find it funny about my grammar , I make no apology ,Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others mistakes avoid Making mistakes there is not sufficient rooms to make them"
    "Innuendo","If's","Assumptions" and "Fear" are for politician.Who,What,where,When and How are for those seeking knowledge and care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog(pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you,until our path or destiny bring us in tandem.
  • Vote Up0Vote Down Voisses TechVoisses Tech
    Posts: 1,423Member
    @Walt_Baldwin
    Quick Question.
    What version of Icecast You are using

    VOISSES
    Anyone reading this a find it funny about my grammar , I make no apology ,Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others mistakes avoid Making mistakes there is not sufficient rooms to make them"
    "Innuendo","If's","Assumptions" and "Fear" are for politician.Who,What,where,When and How are for those seeking knowledge and care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog(pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you,until our path or destiny bring us in tandem.
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    @Voisses_Tech

    Icecast 2.3.2 was installed with Airtime installer.  Airtime was installed on top of newly installed latest Debian 7.  (Oh, how I pine for Centos)

    In an effort to get to the bottom of things, I built a new version of icecast (2.4.1) from source and ran it in DDD.  Still haven't got it to work yet but the first issue I identified was with htauth on the drupal server.  Haven't tracked down why but encoding the user/pass in url wasn't working out. 

    I removed the user/pass from url and turned off htauth on apache.  Stepping thought with DDD, icecast authenticated properly with drupal server and connected the listener but then promptly disconnected the listener. Didn't have time to dig into why.

    If someone has a known working config that would be great.  Otherwise, I'll pursue another DDD session in a day or so.

    Thanks,
    Walt

    Post edited by Walt Baldwin at 2015-02-02 20:47:23
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    bump
  • Vote Up0Vote Down Voisses TechVoisses Tech
    Posts: 1,423Member
    Oops,
    I spent my weekend coding a script for Api ( tunein,Itunes etc) that do not make direct calls to liquidsaop then watch NFL was hoping to Assist Latter this week but

     have you gotten a solutions?

    Ok

    Voisses
    Anyone reading this a find it funny about my grammar , I make no apology ,Go get a translator.
    "The Problem with education today is that it takes a university degree to switch on a light bulb"
    "You learn from your mistakes but wise people learn from others mistakes avoid Making mistakes there is not sufficient rooms to make them"
    "Innuendo","If's","Assumptions" and "Fear" are for politician.Who,What,where,When and How are for those seeking knowledge and care about Humanity.
    "I might be in Mud but that does not Make me a Wild Hog(pig)"
    “Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.”
    "The only thing that remains constant is change itself"
    May the force be with you,until our path or destiny bring us in tandem.
  • Vote Up0Vote Down Walt BaldwinWalt Baldwin
    Posts: 8Member
    Have it worked out to some extent...

    The initial issue is with the way icecast constructs the basic auth header.  While it parses the username and password from the url specified in the xml file it doesn't construct the curl transaction properly and as a result the auth attempt is denied by apache.

    As I mentioned previously, after removing the basic auth from the apache config I was able to connect successfully using url auth with a custom drupal module providing the auth url.  Unfortunately, immediately after connecting the listener, icecast would drop the connection.  This turned out to be an issue with the custom drupal module.  I had it returning header-timeout with no value.  This was interpreted by icecast as 0.  So, icecast was authenticating properly and then disconnecting as directed by the header-timeout value.

    The short of all this is that icecast url auth works as documented without http basic auth.  There is a bug in icecast that precludes the use of http basic auth.
    Post edited by Walt Baldwin at 2015-02-08 23:54:31
Add a Comment