276

Controlling Access to Streamed Media

You can set up authentication to control client access to streamed media files.

Two schemes of authentication are supported: basic and digest. By default, the server uses the more secure digest authentication.

You can also control playlist access and administrator access to your streaming server. Authentication does not control access to media streamed from a relay server.

The administrator of the relay server must set up authentication for relayed media. The ability to manage user access is built into the streaming server, so it is always enabled.

For access control to work, an access file must be present in the folder you selected as your media folder. If an access file is not present in the streaming server media folder, all clients are allowed access to the media in the folder.

To set up access control:

1Use the qtpasswd tool to create new user accounts with passwords.

2Create an access file and place it in the media folder that you want to protect.

3If you want to disable authentication for a media folder, remove the access file (called qtaccess) or rename it (for example, qtaccess.disabled).

Creating an Access File

An access file is a text file called qtaccess that contains information about users and groups that are authorized to view media in the folder in which the access file is stored. The folder you use to store streamed media can contain other folders, and each folder can have its own access file. When a user tries to view a media file, the server checks for an access file to see whether the user is authorized to view the media. The server looks first in the folder where the media file is located. If an access file is not found, it looks in the enclosing folder. The first access file that’s found is used to determine whether the user is authorized to view the media file. The access file for the streaming server works like the Apache web server access file.

You can create an access file with any text editor. The filename must be qtaccess and the file can contain some or all of the following information:

AuthName message AuthUserFile user filename AuthGroupFile group filename require user username1 username2 require group groupname1 groupname2 require valid-user

require any-user

Chapter 16 Working with QuickTime Streaming Server

Page 276
Image 276
Apple Mac OS X Server manual Controlling Access to Streamed Media, Creating an Access File