From cca377d1cc02cd320c661f2ba288bea3c6b74441 Mon Sep 17 00:00:00 2001
From: aler9 <46489434+aler9@users.noreply.github.com>
Date: Tue, 21 Jun 2022 10:11:41 +0200
Subject: [PATCH] update readme

---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index 614470d1..f6fc71a2 100644
--- a/README.md
+++ b/README.md
@@ -246,6 +246,17 @@ Each time a user needs to be authenticated, the specified URL will be requested
 
 If the URL returns a status code that begins with `20` (i.e. `200`), authentication is successful, otherwise it fails.
 
+Please be aware that it's perfectly normal for the authentication server to receive requests with empty users and passwords, i.e.:
+
+```json
+{
+  "user": "",
+  "password": "",
+}
+```
+
+This happens because a RTSP client doesn't provide credentials until it is asked to. In order to receive the credentials, the authentication server must reply with status code `401` - the client will then send credentials.
+
 ### Encrypt the configuration
 
 The configuration file can be entirely encrypted for security purposes.