Implementing Authentication
The Authentication Setup program automatically places the RealServer
files in correct locations and adds configuration settings to the server.cfg
file. Information below is provided for your information should you want
to customize this feature.
There are seven steps required to manually implement Authentication:
- Place your files in the correct locations.
- Set up data storage.
- Configure the Authentication settings.
- Configure the CGI files.
- Configure the HTML files.
- Configure the .ram files.
- Configure the .rm files.
These steps are described in the following sections.
1. Placing Files in
the Correct Locations
Setup places RealServer files in correct locations; you must place your
files in specific places. Here are key aspects to consider:
- The data storage must be on the same computer as the RealServer.
- Your Web server and C compiler (if you are customizing the CGI) must
be running on the same operating system as the RealServer. If they aren't
on the same operating system, obtain the data storage plug-in and CGI files
appropriate to the second operating system and recompile the CGI for that
platform.
- All plug-ins must be stored in the plugins directory.
- The secure directory and the auth.rm directory must be
located under the directory with the BasePath
setting in the configuration file. The BasePath directory is the default
location for media clips. The Secure directory is the default location
for all clips and directories to which you want to restrict access.
- The auth.rm directory contains clips used to detect older versions
of RealPlayer. If an older version of RealPlayer is detected, files in
this directory display a message instructing the visitor to obtain a newer
version RealPlayer. While auth.rm and the associated clips are not
strictly necessary, it is strongly advised that they be used so that visitors
with older RealPlayers receive upgrade instructions instead of an error
message.
2. Setting Up Data
Storage
To authenticate end users, the RealServer stores user IDs and passwords
or playerIDs, and their associated access permission information. When a
RealPlayer tries to access a clip, the RealServer looks up this information
to see whether the RealPlayer or visitor is authorized to view the clip.
The information can be stored in either a series of text files or in a database.
See Authentication Text File and Database Structure
for information on the structure of these storage files or database. Templates
for common databases are installed during Setup.
Storing Information in Text Files
The text file method is the default server installation, as it allows
greater insight into the access permission structure, but the text file
method lacks the scaleability and flexibility of a full database application.
It is recommended that the text file only be used for demographic tracking
applications or for troubleshooting the system before linking the database
to the RealServer.
The text files do not exist physically when the RealServer is first installed.
They are created when you run RealServer the first time and the AuthDBPlugin configuration file setting
is set to rn-ppv-basic. When RealServer creates the file structure,
it creates the ppvbasic.txt file. The second and subsequent times
you start the RealServer, the RealServer looks for this file. If the file
does not exist, it recreates the directory structure.
Do not delete the ppvbasic.txt file! If you delete the
ppvbasic.txt file, RealServer will rewrite the directories and will erase
their prior content.
See also Configuring Authentication Settings.
Storing Information in a Database
The authentication package contains templates for common databases, including
mSQL and common ODBC-compliant databases. Users can also work with databases
for which templates do not exist, by setting up the data source with the
appropriate table structure.
RealServer knows to use the database (rather than the text file structure)
when the AuthDBPlugin is set
to rn-ppv-msql or rn-ppv-odbc, and AuthDBName
is set to the name of the database.
To set up an ODBC-compliant database other than those for which template
files have been included, first create the database source, then create
the database .ddl file, and finally use the procedure below to set up your
computer for ODBC compliance.
To set up your Windows computer for ODBC compliance:
If you are running RealSystem on a UNIX platform, you may skip this
step.
- On the Start menu, point to Settings, and click Control
Panel.
- Double-click 32bit ODBC.
- On the System DSN tab, click Add.
- Select your ODBC driver from the list of drivers and click Finish.
- In the ODBC SQL Server Setup dialog box, type the data source
name. Click Select.
- Type or browse for the path to your database file and click OK.
- Click OK to exit the ODBC Data Source Administrator.
You have now told RealServer where to find your database.
To set up the supplied database application
on UNIX:
- At a command line, start the database by typing the following:
./msql2d &
- Create the database by typing the following:
./msql create <databasename>
Note that whatever you type for <databasename> will need to
match the AuthDBName as described
in the next section.
- Create the tables using the database text file by typing the following:
.msql -h <localhost> <databasename> < <textfilename>
Be sure to include the less-than sign (<).
3. Configuring Authentication
Settings
Add the Authentication settings to server.cfg. The settings to
add are:
AuthDBPlugin and AuthDBName work in conjunction to tell
RealServer whether Authentication is enabled, and if so, what data storage
file(s) to use.
There are four valid combinations of the AuthDBName and AuthDBPlugin
settings:
AuthDBPlugin value |
AuthDBName value |
Result |
blank |
blank |
Authentication is disabled. |
rn-ppv-basic |
path to directory - for example, c:\real\server\
plugins |
Authentication is enabled, and the supplied text files are used as authentication
data storage. |
rn-ppv-msql |
name of database - for example, auth.db |
Authentication is enabled, and a supplied or custom database is used as
authentication data storage. |
rn-ppv-odbc |
name of database-for example, "mydatabase" (as set up in ODBC
control panel) |
Authentication is enabled, and a supplied or custom database is used as
authentication data storage. |
4. Configuring CGI
files
Default CGI files are included with the RealServer installation, as well
as uncompiled templates for creating customized CGI files.
If the supplied CGI files meet your needs, place them in your Web server
script folder.
If you want to customize the supplied CGI files, use the steps below.
To customize your interface:
- Open ppvodemo.cpp (in Windows) or ppvmdemo.cpp (in UNIX)
in your editor.
Replace or rename parameters passed in by the .html form.
- Recompile the CGI file.
- Install the CGI file in the Web server's CGI directory. Make sure appropriate
folder exists and file permissions are set.
5. Configuring HTML
files
These files determine what the viewer sees when registering on your site.
To customize register.html:
- Open the supplied register.html in your HTML or text editor.
- Replace "your.webserver.here" with the name of your Web server.
- Replace "path-to-cgi-bin" with the path to your Web server
Script directory.
- Replace "auth.cgi" with the name of the CGI script you created
in "Configuring CGI files," above.
- Replace "path-to-the-plugin" with the full path to the plug-in
you will be using.
- Replace "auth.db" with the value specified by the AuthDBName configuration setting
in server. cfg.
- Replace the value for "Realm" with the value of the Realm
setting in the configuration file.
- Replace "0" with the value specified by the AuthMode
onfiguration setting in server.cfg.
- Make the appropriate changes for type of Authentication you'll be using:
- Player-based authentication:
- Replace "your.realserver.here" with the name of your
RealServer.
- Replace "register" with the value specified by the
AuthRegPrefix
configuration file setting in server.cfg.
- User-based authentication:
- Replace "pnm://your.realserver.here/register" with
"http://your.webserver.here/confirm.html," where
"your.webserver.here" is the name of your Web server.
- Remove subsequent line.
!--noedit-->
- The other lines in register.html may be safely modified by following
the instructions at the top of the page, but these aren't required.
- Move the newly modified register.html to your Web server root
directory.
To customize confirm.html
- Open the supplied confirm.html.
- Replace "your.webserver.here" with the name of your Web server.
- Replace "path-to-cgi-bin" with any path information required
to get to the Web server Script directory.
- Replace "auth.cgi" with the name of the CGI script you created
in "Configuring CGI files," above.
- Replace "path-to-the-plugin" with the full path to the plug-in
you will be using.
- Replace "auth.db" with the value of the AuthDBName configuration
setting in the server.cfg file.
- Make the appropriate change for the type of Access you'll be providing:
- Event-based access:
- Replace "secure" with the path from the BasePath to the secure
content directory (such as secure)
- Remove the lines referring to "debitttime" and "expirestime."
!--noedit-->
- Duration-based access:
- Replace "secure" with the path (from BasePath) to the secure
content file (such as "secure/secure.rm").
- On the line referring to "debittime," replace "0"
with "1".
- Remove the line referring to "expirestime."
- Replace "05/24/70" with the proper expiration date.
!--noedit-->
- Calendar-based authentication:
- Replace "secure" with the path (from BasePath) to the secure
content file (usually secure/secure.rm).
- On the line referring to "permissiontype," replace "0"
with "2".
- On the line referring to "debittime," replace "300"
with the proper time value (in seconds).
- Remove the line referring to "expirestime".
!--noedit-->
Replace "urltype" with "1" for a directory,
"0" for an individual clip. It is recommended that directory
authentication be used, as bandwidth negotiation will not function with
clip-level authentication.
Replace "your.webserver.here" with the name of your Web
server.
The other lines in confirm.html may be safely modified by
following the instructions at the top of the page, but these aren't required.
Move the newly modified register.html to your Web server
root directory.
To customize authlink.html
The authlink.html files works with its default settings. Place
it in the same directory where you placed register.html and confirm.html.
6. Configuring
.ram files
The .ram metafiles are the link between your Web pages and the media
files stored on the RealSystem. The sample files contain placeholders for
the paths to the auth.rm and secure.rm directories.
- Open the supplied auth.ram in your text editor.
- Replace "your.realserver.here" in the following line with
the name of your RealServer:
pnm://your.realserver.here/auth.rm
- Open the supplied secure.ram in your text editor.
- Replace "your.realserver.here" in the following line with
the name of your RealServer:
pnm://your.realserver.here/secure/secure.rm
- Place the .ram files in the Web server directory that contains the
authlink.html file you customized in Configuring
HTML files, above.
7. Configuring
.rm files
If you are using Player-based authentication, you must configure register.rm.
In addition, in both Player-based and User-based authentication, the
files in the auth.rm directory are used to detect earlier versions of RealPlayer
that are installed on visitors' computers. These .rm files contain embedded
events which redirect visitors' Web browsers to the RealServer download
page at www.real.com.
RealPlayer versions 3.0 and earlier do not work with Authentication
and may display an error message. RealPlayer version 4.0 works with Player-based
Authentication only. RealPlayer version 5.0 supports both Player-based Authentication
and User-based Authentication.
Although the files related to auth.rm are not necessary for running
a secured Web site, they are highly recommended. If these files are not
installed and configured, visitors with older versions of RealPlayer will
receive an error message instead of being sent to the RealNetworks Web page
to upgrade their players.
If you choose not to use these files, modify the link on authlink.html
that points to auth.ram so that it points directly to register.html
instead of to auth.ram.
To create and configure the auth.rm files:
- Replace the URL in the supplied auth.txt file with the URL of
the register.html page.
- Run rmmergermmergeuse in configuring Authentication (command
line:
rmmerge -f rmevents.dll auth.txt auth.rm
). For
more information, see the RealAudio and RealVideo Content Creation Guide.
- Make 6 copies of the auth.rm file.
- Rename the copies and give them the following names:
|
pnrv.144 |
pnrv.24 |
|
pnrv.18 |
pnrv.36 |
|
pnrv.1930 |
pnrv.70 |
- Place the newly created files in the \Content\auth.rm directory
on the RealServer.
If you're using Player-based Authentication, create the register.rm
file, which will extract each RealPlayer ID.
To create and configure the register.rm file for Player-based Authentication
- Replace the URL in the supplied register.txt with the URL of
the confirm.html page.
- Run rmmerge (command line:
rmmerge -f rmevents.dll
register.txt register.rm
).
- Move the newly created register.rmregister.rm file to the content
directory of the Web server.
© 1997 RealNetworks, Inc.