GstRtspSink - Basic Authentication

Previous: RTSP_over_HTTP_Tunneling

Index

Next: Stream_Encryption

GstRtspSink
Getting the code
Evaluating GstRtspSink
Building the Plug-In
Basic usage
Multicast
RTSP over HTTP Tunneling
Basic Authentication
Stream Encryption
Independent Stream Control
Simple Examples
Advanced examples
Dual H264 Video Streaming Audio+Video Streaming Audio+Video Streaming Plus H264 Single Streaming Transport Stream RTSP Streaming Multicast+Authentication Live File Streaming Dual Multicast Multicast Audio+Video
C Examples
Performance
NVIDIA Jetson iMX6 Nitrogen Qualcomm RB5
Client Applications
Legacy GstRtspSink
Contact Us

GstRtspSink can restrict RTSP access by requiring username and password credentials. This page shows the syntax of the auth property, how to configure multiple users, and how clients pass credentials in the RTSP URL.

Authentication property

The auth property defines one or more username and password pairs with this format:

auth=user1:password1,user2:password2

• If the "auth" property is not set, the clients will not require any authentication from the server.
• If a user entry is malformed, GstRtspSink will ignore it and will continue processing the rest. For example, the following snippet is malformed because there are no colons ":" after user1.

rtspsink service=5000 auth=adrian:cervantes,user1,user:pass

In such a case, user1 would be ignored.

• If a user has an empty password, that user will not need a password to connect. For example:

 rtspsink service=5000 auth=user:

Streaming will be restricted to user, but a password will not be required.

Server example

The following example will allow streaming to two different users: adrian and user. Their passwords are, respectively: cervantes and pass.

gst-launch-1.0 videotestsrc ! x264enc ! video/x-h264, mapping=/stream1  ! rtspsink service=5000 auth=adrian:cervantes,user:pass

Client example

GStreamer client example

SERVER_IP=localhost
PORT=5000
MAPPING=auth_test
USER=anonymous
PASSWORD=secret
gst-launch-1.0 rtspsrc location="rtsp://${USER}:${PASSWORD}@${SERVER_IP}:${PORT}/${MAPPING}" ! rtph264depay !  decodebin ! videoconvert ! autovideosink

VLC client example

SERVER_IP=localhost
PORT=5000
MAPPING=auth_test
USER=anonymous
PASSWORD=secret
vlc rtsp://${USER}:${PASSWORD}@${SERVER_IP}:${PORT}/${MAPPING}

Additionally, the username and password can be left out of the command, in which case VLC will prompt for them in a dialog.

Security notes

• Basic authentication protects access control but does not encrypt the media by itself
• Use Stream Encryption when confidentiality is required
• Avoid weak credentials in shared environments

Summary

Authentication is the simplest way to restrict who can open a stream. Configure credentials on the server and pass them in the RTSP client URL.

Problems running the examples on this page? See GStreamer Debugging for practical debugging steps.

Related pages

• GstRtspSink
• GstRtspSink - Basic usage
• GstRtspSink - Simple Examples
• GstRtspSink - Advanced examples
• GStreamer Debugging

FAQ

Can I define more than one user?

Yes. Separate username and password pairs with commas in the auth property.

Does authentication alone encrypt the stream?

No. Authentication controls access, but media confidentiality requires stream encryption.

Previous: RTSP_over_HTTP_Tunneling

Index

Next: Stream_Encryption