Mailing List Archive: DAViCal: General

Re: [DAViCal-general] HTTP Auth: Digest authentication

Index | Next | Previous | View Threaded

neil.ramsay at agentnoel

Mar 17, 2012, 2:10 PM

Post #1 of 4 (285 views)
Permalink

Re: [DAViCal-general] HTTP Auth: Digest authentication

Good morning Andrew,
Apache Digest authentication is mentioned in
http://wiki.davical.org/w/Release_Notes/0.9.9.5.
How does one go about configuring DAViCal to use Apache Digest
authentication?

Neil Ramsay

On 3/08/2010 05:57, Andrew McMillan wrote:
> On Sun, 2010-08-01 at 00:02 +0200, Michael Rasmussen wrote:
>> Hi Andrew,
>>
>> Do you have any plans for implementing digest authentication in DAViCal?
>> From the example here: http://php.net/manual/en/features.http-auth.php
>> It does not seem to be rocket science:-)
> It should already work with Digest authentication, however this requires
> passwords to be stored in the clear in DAViCal, which is not ideal.
> There's no support in DAViCal for storing passwords in the clear when
> they get changed, either, though it would not be hard to add something
> to do this. There may be other changes in the Digest auth code - I
> wrote it ages ago but it's almost never used.
>
> Cheers,
> Andrew.
>
>
>
> ------------------------------------------------------------------------------
> The Palm PDK Hot Apps Program offers developers who use the
> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> of $1 Million in cash or HP Products. Visit us here for more details:
> http://p.sf.net/sfu/dev2dev-palm
>
>
> _______________________________________________
> rscds-general mailing list
> rscds-general [at] lists
> https://lists.sourceforge.net/lists/listinfo/rscds-general

Attachments:

neil_ramsay.vcf (0.13 KB)

signature.asc (0.25 KB)

vvh at synergylaw

Mar 18, 2012, 2:03 AM

Post #2 of 4 (273 views)
Permalink

Re: [DAViCal-general] HTTP Auth: Digest authentication [In reply to]

Hi there,

> Apache Digest authentication is mentioned in
> http://wiki.davical.org/w/Release_Notes/0.9.9.5.
> How does one go about configuring DAViCal to use Apache Digest
> authentication?

The wiki is searchable ;)

http://wiki.davical.org/w/Configuration/settings/http_auth_mode

Kind regards,
--
Vincent Van Houtte
--
Advocatenkantoor Suy, Van Baeveghem & Van Houtte
Brusselsestraat 108
9200 DENDERMONDE
T 052520605
F 052520646
W http://synergylaw.be

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Davical-general mailing list
Davical-general [at] lists
https://lists.sourceforge.net/lists/listinfo/davical-general

neil.ramsay at agentnoel

Mar 23, 2012, 7:15 PM

Post #3 of 4 (265 views)
Permalink

Re: [DAViCal-general] HTTP Auth: Digest authentication [In reply to]

Sorry, I should have been more specific.
I am attempting to get Apache to do HTTP digest authentication, and then
have DAViCal accept that user.

I have tried following the instructions on,
http://wiki.davical.org/w/Configuration/Authentication_Settings
but I cannot get it to pass-through.

Suggestions?

Neil Ramsay

On 18/03/2012 22:03, Vincent Van Houtte wrote:
> Hi there,
>
>> Apache Digest authentication is mentioned in
>> http://wiki.davical.org/w/Release_Notes/0.9.9.5.
>> How does one go about configuring DAViCal to use Apache Digest
>> authentication?
> The wiki is searchable ;)
>
> http://wiki.davical.org/w/Configuration/settings/http_auth_mode
>
> Kind regards,

Attachments:

neil_ramsay.vcf (0.13 KB)

signature.asc (0.25 KB)

andrew at morphoss

Mar 25, 2012, 4:44 PM

Post #4 of 4 (264 views)
Permalink

Re: [DAViCal-general] HTTP Auth: Digest authentication [In reply to]

On Sat, 2012-03-24 at 15:15 +1300, Neil Ramsay wrote:
> Sorry, I should have been more specific.
> I am attempting to get Apache to do HTTP digest authentication, and then
> have DAViCal accept that user.
>
> I have tried following the instructions on,
> http://wiki.davical.org/w/Configuration/Authentication_Settings
> but I cannot get it to pass-through.
>
> Suggestions?

Can you be a little more specific? How are you running PHP from within
Apache? Is it the standard libapache2-mod-php5 or equivalent, or are
you using FastCGI or FCGI?

The line on the wiki suggesting:

$c->authenticate_hook['server_auth_type'] = array('Negotiate','Basic');

will probably need more elements in that array for Digest - the word
'Digest' springs to mind, but it might not be the only one :-)

I doubt this is a frequently used piece of code and I suspect that
you'll eventually need to add some debugging
into /usr/share/davical/inc/HTTPAuthSession.php to see what exactly is
happening. There could well be bugs.

Note that even when you do get this going this will require the user's
account to be pre-created in DAViCal - just that any password in there
will be ignored.

Just looking at this code in HTTPAuthSession.php again it all seems
remarkably baroque and old and could do with a rewrite - it must have
been written five or more years ago now. In particular the constructor
method should probably switch based on a configuration setting rather
than working it out based on what variables are available to it.

I hope this is some help, but I suspect it's not enough :-)

If you're on IRC sometime join us in #davical on irc.oftc.net [1]

Cheers,
Andrew.

[1] Though my availability is restricted for the next few weeks as
Heather is in surgery tomorrow and will be recovering for the next six
weeks...

--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
QOTD:
"It's been real and it's been fun, but it hasn't been real fun."

------------------------------------------------------------------------

Attachments:

signature.asc (0.82 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads