[FFmpeg-devel] RTSP over HTTP tunnel authentication

Stas Oskin stas.oskin
Mon Jun 14 20:29:24 CEST 2010

On Mon, Jun 14, 2010 at 9:23 PM, Stas Oskin <stas.oskin at gmail.com> wrote:

> Hi.
> For what it's worth, I read the fine manual and set up password protected
>> viewing with DSS. Even then, no password was requested for the get/post
>> requests, only for the actual RTSP requests within the tunneled session.
>> We actually might be speaking of same things but under different terms.
> In my experience, auth is required twice:
> 1) Single GET request, that establishes channel for receiving RTSP
> responses and actual data.
> 2) Single POST request, that establishes channel for sending RTSP request.
> I.e., the auth is sent with GET and with POST - each RTSP request/reply is
> already passing through the established channels and does not require any
> additional authentications.

Actually re-reading our communication, it clearly seems there are multiple
approaches to auth, probably because there is no defined standard of how to
do it. Probably the equipment vendors have decided to re-use web-server
authentication mechanism and save RTSP authorizations onwards.

More information about the ffmpeg-devel mailing list