Secure your streams with authentication
Listener authentication allows you to control who can access your streams. Whether you're running a subscription service, private broadcast, or pay-per-listen operation, Mcaster1DNAS v2.5.1-rc1 provides flexible authentication methods to secure your content.
Mcaster1DNAS v2.5.1-rc1 supports two primary authentication mechanisms:
File-based authentication using htpasswd format. Users and passwords are stored in a local file that you manage through the web admin interface or command-line tools.
External authentication via HTTP requests. Integrates with web applications, databases, payment processors, or custom authentication systems (PHP, Python, Node.js, etc.).
Configure file-based authentication for simple username/password protection.
# mcaster1.yaml
mount:
- path: /premium
stream_name: "Premium Stream"
authentication:
type: htpasswd
filename: /etc/mcaster1/users.htpasswd
allow_duplicate_users: false # Prevent multiple connections per usernameAccess the authentication management interface at:
http://yourserver:8000/admin/stats.xsl
Look for the lock icon next to authenticated mountpoints. Click to manage users:
Note: The htpasswd file will be created automatically when you add the first user.
# Create htpasswd file and add user htpasswd -c /etc/mcaster1/users.htpasswd username # Add additional users (without -c to avoid overwriting) htpasswd /etc/mcaster1/users.htpasswd another_user # Remove user (edit file manually or use htpasswd -D) htpasswd -D /etc/mcaster1/users.htpasswd username
Integrate with external web services for dynamic authentication.
# mcaster1.yaml
mount:
- path: /subscription
stream_name: "Subscription Stream"
authentication:
type: url
auth_url: https://example.com/auth/verify
timeout: 5 # Timeout in secondsWhen a listener connects, Mcaster1DNAS sends an HTTP GET request to your auth_url with parameters:
https://example.com/auth/verify?mount=/subscription&user=username&pass=password&ip=192.168.1.100&agent=VLC%202.0
Your authentication script should return:
<?php
// verify.php - Simple authentication example
$mount = $_GET['mount'] ?? '';
$user = $_GET['user'] ?? '';
$pass = $_GET['pass'] ?? '';
$ip = $_GET['ip'] ?? '';
// Check against database, payment processor, etc.
$db = new PDO('mysql:host=localhost;dbname=radio', 'user', 'pass');
$stmt = $db->prepare('SELECT * FROM subscribers WHERE username=? AND password_hash=?');
$stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
if ($stmt->rowCount() > 0) {
// Log access
$logStmt = $db->prepare('INSERT INTO access_log VALUES (?, ?, ?)');
$logStmt->execute([$user, $ip, date('Y-m-d H:i:s')]);
http_response_code(200);
echo "Authenticated";
} else {
http_response_code(403);
echo "Access denied";
}
?>Use URL authentication to verify subscribers against a payment processor or membership database. Only active subscribers can listen.
Use HTPASSWD with employee credentials. Distribute usernames/passwords to authorized staff only.
URL authentication with payment gateway integration. Verify payment before allowing stream access.
URL authentication can check IP geolocation and deny access from specific countries or regions.
URL authentication with expiring tokens. Grant temporary access that expires after a set time.
Track who's listening to authenticated streams:
http://yourserver:8000/admin/listclients?mount=/premium
Shows usernames of authenticated listeners along with connection times and IP addresses.
allow_duplicate_users: false to prevent sharingallow_duplicate_users: false is setNext Steps: Review the Configuration Reference or explore Admin Interface features.