Chapter 7. Security

This chapter explains some of the security concepts used by Flumotion and covers details that a network administrator would want to know or specify, such as the port numbers used by Flumotion and the types of encryption used by network connections. Flumotion uses a secure setup by default, but its users should be aware of the basics of security and should read this chapter to learn how to configure Flumotion for maximum security.

Remember, while it is possible to use Flumotion in a completely insecure mode, doing so would require you to actively set the configuration parameters for it. For example, by default, Flumotion will use an SSL protocol, so no communication is done in cleartext.

Authentication of Connections

In Flumotion, authentication is handled by bouncer components. For instance, the manager bouncer allows workers to log in to their managers, and another type of bouncer allows viewers to see protected content via HTTP if a certain token parameter is set.

See also the Remote Workers Configuration section.

The Manager Bouncer

The bouncer that handles authentication to the manager is always started as part of the manager configuration. It is unlike any other component in the planet, since it's not started by a worker process, but integrated into the manager daemon itself.

Currently, Flumotion ships with only one supported manager bouncer type (htpasswdcrypt-bouncer), which is configured with credentials in the Apache-style htpasswd format, using crypted passwords. More types will be added in the future. See the Manager Bouncer Configuration section to learn how to specify allowed hosts, users and passwords.
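
The following check for htpasswd-style credential data is an added example, not code from Flumotion. It assumes that "crypted" means the traditional 13-character crypt(3) form; the function names and the sample entries are hypothetical.

```python
import re

# Traditional crypt(3) output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# Assumption: this is the form the htpasswdcrypt-bouncer expects.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Other schemes Apache's htpasswd tool can write, recognised by prefix.
OTHER_SCHEMES = {"$apr1$": "apr1-md5", "$2y$": "bcrypt", "{SHA}": "sha1"}

def classify(hash_field):
    """Name the hash scheme of one htpasswd password field."""
    for prefix, name in OTHER_SCHEMES.items():
        if hash_field.startswith(prefix):
            return name
    return "des-crypt" if DES_CRYPT.match(hash_field) else "unknown"

def audit_htpasswd(text):
    """Return (line_number, user, finding) tuples for entries needing attention."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed line (expected user:hash)"))
            continue
        if user in seen:
            # Which duplicate a consumer honours is ambiguous, so flag it.
            findings.append((lineno, user, "duplicate user"))
        seen.add(user)
        scheme = classify(hash_field)
        if scheme != "des-crypt":
            # Covers other hash schemes and values that look like plaintext.
            findings.append((lineno, user, "not a crypt hash (%s)" % scheme))
    return findings

# Constructed sample input; the hash values are made up and match no password.
SAMPLE = """\
manager:abCDEFGHIJKLM
worker1:$apr1$abcdefgh$0123456789abcdefghijkl
worker2:secret
manager:xy0123456789.
no-colon-line
"""

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
```

Traditional crypt(3) uses only the first eight characters of a password, so entries that pass this format check still deserve strong, distinct passwords and a credentials file readable only by the manager's account.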