Is the Nx Cloud up? Visit our Status Page for the current health and performance of the Nx Cloud.

Status Page

using RTSP with bearer authentication

Answered

Comments

3 comments

  • Sergey Yuldashev
    • Network Optix team

    Hello Eylon Cohen ,

    Is the "hyphen username" feature fully supported in this specific build, or is a newer patch required?

    Due to certain complications it is not going to be delivered under 6.1.0 support and will only be available with 6.2 version.

    Partially because of that the complete depreciation of digest auth was postponed to 6.2 too.

     

    Are there specific global security levels that override the hyphen-token method?

    No, there are not. It is just not supported yet.

    As soon as it is delivered, this option will be covered in one of the public documentation sections.

    0
  • Ben Evans

    I did a bit of digging with this. In my installed version (6.1.2.42921), I found that NX advertises WWW-Authenticate: Digest realm="VMS" in its 401 response. The -:token Basic auth scheme works, but only if you: 

    • Let NX issue the Digest 401 challenge first. Sending Basic auth causes NX to close the connection silently
    • Never send OPTIONS to NX on the same TCP connection before DESCRIBE, as it prevents the Basic auth from being accepted afterward.

    Most clients (VLC, ffplay, etc.) follow the Digest challenge, get the 401, and won't attempt Basic.

    I made a quick Python script which allows you to specify your original credentials, and get them exchanged for a token, and which then allows clients to connect. It's fundamentally less secure than even digest, but it might help someone somewhere: https://github.com/bevans-vc/nx-witness-rtsp-proxy

    0
  • Norman
    • Network Optix team

    Hi Ben Evans,

    Thank you for sharing your experience and providing the script.

    We would appreciate it if you could also share your insights on Digest Authentication by participating in our survey, which you can access HERE.

    Thank you for your valuable feedback.

    0

Please sign in to leave a comment.