Streaming Media Supplement sa2150 and sa2250

30
Chapter 3 Understanding Media-IXT and RealNetworks
Understanding authentication and RealNetworks
Recall that Media-IXT supports two types of authentication.
Proxy authentication through to origin server. RealProxy passes authentication credentials from RealPlayer
to the origin RealServer, and passes any authentication responses from RealServer to RealPlayer. No configuration
is necessary to make this happen. Content requiring authentication is cached and logged the same as any other
content.
LDAP authentication. LDAP authentication is implemented by means of a plugin, mixt-realmedia-auth.so,
which listens on a configurable port, waiting for an RTSP connection.
LDAP authentication works like this:
1. A RealPlayer client requests a stream
2. mixt-realmedia-auth.so sends an authentication request to the RealPlayer
3. RealPlayer then prompts the user for a username and password
4. mixt-realmedia-auth.so then queries the LDAP database to check for a match
5. If a match is found, mixt-realmedia-auth tunnels traffic between the client and the proxy; otherwise,
the plugin asks the client for another username/password pair
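The five steps above as a runnable sketch, added here as an example; it is not HP's or RealNetworks' code. It assumes the credentials arrive in an RTSP Authorization: Basic header (the page names no scheme) and uses a dictionary in place of the LDAP database; every function name, the realm and the sample requests are constructed. The basic_credentials function also shows that credentials sent this way can be read back from the request without any key.

```python
import base64
import hmac

# Constructed stand-in for the LDAP database (the real plugin queries an LDAP server).
DIRECTORY = {"alice": "s3cret-example"}
CHALLENGE = ("RTSP/1.0 401 Unauthorized\r\nCSeq: {cseq}\r\n"
             'WWW-Authenticate: Basic realm="media-ixt-example"\r\n\r\n')

def parse_headers(raw: bytes) -> dict:
    """Header fields (lower-cased names) of one RTSP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def basic_credentials(raw: bytes):
    """(user, password) from an Authorization: Basic header, else None.
    Decoding needs no key: Basic is an encoding, not encryption."""
    scheme, _, token = parse_headers(raw).get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8 (both are ValueError subclasses)
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(raw: bytes, directory=DIRECTORY):
    """Steps 2-5: challenge, directory lookup, tunnel on match or re-challenge."""
    creds = basic_credentials(raw)
    expected = directory.get(creds[0]) if creds else None
    if expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode()):
        return ("TUNNEL", creds[0])  # step 5: relay between client and proxy
    cseq = parse_headers(raw).get("cseq", "0")
    return (CHALLENGE.format(cseq=cseq), None)  # step 2, or the retry in step 5

def sample_request(user=None, password=None, cseq=1) -> bytes:
    """Constructed RTSP request; host and clip name are placeholders."""
    lines = ["DESCRIBE rtsp://origin.example/clip.rm RTSP/1.0", f"CSeq: {cseq}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()
```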
LDAP authentication may be understood by looking at a typical scenario, where it ensures that users of an
enterprise intranet have certain constraints on their access to the Internet outside the corporate firewall.
LDAP authentication uses an LDAP database that resides on a system within the enterprise
intranet. The configuration process is part of Traffic Server functionality. See the HP Cache Server Appliance
Administrator Guide for details. Configuring LDAP tells Traffic Server Media-IXT where the
LDAP database resides, so the mixt-realmedia-auth plugin is able to query the LDAP database.
LDAP itself offers very flexible configuration of which users have which privileges. When an intranet user
requests content outside the firewall, she is prompted for a username and password. Then the privileges
associated with her identity in the LDAP database are used to determine whether the particular site she wishes
to access is permitted to her. Perhaps some users will be permitted access to the Internet, and others will not.
RealPlayer only works with LDAP authentication when configured to use TCP as an underlying transport
protocol for the data channel.
For the LDAP Plugin installation procedure, see Chapter 7, Configuring Media-IXT for RealNetworks.
Understanding firewalls and RealNetworks
Firewalls and how they work with Media-IXT are explained in “Understanding firewalls” on page 16.
This section provides further information about deploying Media-IXT for RealNetworks streaming through a
firewall.
For configuration procedures, see “Configuring firewalls for RealNetworks” on page 75.
RealNetworks options for server-player connections
RealNetworks implements the conversations between players and servers in one of two ways.
If the network (especially the firewall) permits UDP traffic, RealNetworks can use this approach:
one connection for the control protocol, RTSP, using TCP as its transport protocol
NOTE: RealPlayer does not encrypt the username and password when sending them over the
network to the LDAP authentication plugin (mixt-realmedia-auth.so).