Mac OS X Server,  Mac Security

Password Protecting QuickTime Streams

Password protecting QuickTime Streaming Server is a bit different than password protecting most other Mac OS X services. For starters, you should define a local QTSS Users file and a local Groups file. for the server. You can do so using /Library/QuickTimeStreaming/Config/qtusers and /Library/QuickTimeStreaming/Config/qtgroups respectively. Each user can be defined in the qtusers file and each group in the qtgroups file should contain the pertinent users on a line with the name of the group, followed by a colon (:) followed by the users that make up the group.

In order to password protect a stream served by Quick Time Streaming Server you will then need to create a text file that defines an AuthUserFile and an AuthGroupFile, along with the required user and group permissions. This actually allows you to store you files outside of the Config directory, which I wouldn’t really recommend. The file will need to specify an AuthName, which we can use to define a realm of “QTSS”, a AuthUserFile (the URI to the qtusers file), the AuthGroupFile (the URI to the qtgroups file), and require statements for users and groups. Sounds complicated but it’s just something similar to the following:
AuthName "QTSS"
AuthUserFile /Library/QuickTimeStreaming/Config/Users/qtusers
AuthGroupFile /Library/QuickTimeStreaming/Config/Users/qtgroups
require user viewer
require group viewer

The above would require one of the passwords in order to open a stream. As of 10.5, you can also integrate streams with Open Directory, using the users and groups from OD to tap into streams. In versions of the operating system subsequent to 10.5 you might have to go to a 10.5 box to get a copy of the template qtusers and qtgroups file as it might not be present by default.