How to specify username and password for stun server when creating RTCPeerConnection
2,946 views
Skip to first unread message
Y Du
Jul 5, 2013, 3:16:58 PM7/5/13
to discuss...@googlegroups.com
Currently I specify "iceServers" for RTCPeerConnection as follows:
var turnServer = {"url":"turn:mytu...@yy.yy.yy.yy:3478","credential":"myturnpasswd"};
var iceServers = { "iceServers": [ stunServer, turnServer ] };
var pc = new RTCPeerConnection(iceServers);
Our stun server currently does not need authentication, but I want to know if stun authentication is enabled, how do I specify username and password? Is it the same as the format of turn, e.g.:
var stunServer = {"url":"stun:myst...@xx.xx.xx.xx:3478","credential":"mystunpasswd"};
Thanks,
Yong
Mallinath Bareddy
Jul 6, 2013, 3:04:17 AM7/6/13
to discuss...@googlegroups.com
STUN server authentication currently not supported in chrome and stunServer address format doesn't not take username and password. This can be achieved if TURN server is used as STUN server and using the same credentials supplied in turnServer.
IOW var iceServers = { "iceServers": [ turnServer ] }.
--
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrt...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Oleg Moskalenko
Jul 6, 2013, 2:07:03 PM7/6/13
to discuss...@googlegroups.com
STUN servers usually do not require authentication. The reason is, as it was explained in STUN RFC, that answering an unauthorized request is "lighter" on the system than the authorization procedure. There is no secure information in the STUN server BINDING response, so the authorization is not required from the security point of view.
TURN is another story. Its operation has serious security implications, so this is why usually TURN server requires authorization. But even TURN server may not require authorization for simple STUN BINDING request. For example, rfc5766-turn-server allows unauthorized BINDING STUN requests but it requires authorization for everything else. So it can be used as both STUN and as TURN server simultaneously.
TURN is another story. Its operation has serious security implications, so this is why usually TURN server requires authorization. But even TURN server may not require authorization for simple STUN BINDING request. For example, rfc5766-turn-server allows unauthorized BINDING STUN requests but it requires authorization for everything else. So it can be used as both STUN and as TURN server simultaneously.
Reply all
Reply to author
Forward
0 new messages