On Tue, Mar 03, 2009 at 02:14:34PM +0100, Georg Troska wrote:
Hi, I was able to do it with Ubuntu Intrepid.
Kerberos works. NSS not at the moment. I wrote a script that runs via cronjob creating an XML file from LDAP for the user information. I'm still working on the NSS thing.
Use account.xml with no password and login names that are of the same kind as in your Kerberos database. Make sure that your keytab is readable by caldavd and use lowercase http/ (not HTTP/) for the principal entry. Kerberos-based logins depend on your client as well. Which one are you using?
Georg
I followed your idea, and now I'm trying with a generated account.xml with Kerberos authentication. It still doesn't work, but with a more verbose error. Here is the log:

2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] Log opened.
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twistd 8.1.0 (/usr/bin/python 2.5.2) starting up
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'>
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] Starting factory <twisted.web2.channel.http.HTTPFactory instance at 0x188d7a0>
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-04 11:45:48+0100 [-] [caldav-8008] [-] set uid/gid 103/105
2009-03-04 11:45:48+0100 [twistedcaldav.logging.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-04 11:45:48+0100 [-] [caldav-8008] [-] AMP connection established (HOST:UNIXSocket(None) PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <XMLDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/accounts.xml')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <SudoDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] 'Authentication failed: Invalid nonce value: 6152332 -- a lot of numbers here (ndr)-- 554623523'
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] Exception rendering:
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] Unhandled Error
2009-03-04 10:47:45+0100 [-] [caldav-8008] Traceback (most recent call last):
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 186, in addCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] self._runCallbacks()
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 328, in _runCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] self.result = callback(self.result, *args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/dav/resource.py", line 722, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] d = request.portal.login(pcreds, None, *request.loginInterfaces)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/cred/portal.py", line 114, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] return maybeDeferred(self.checkers[i].requestAvatarId, credentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] --- <exception caught here> ---
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 106, in maybeDeferred
2009-03-04 10:47:45+0100 [-] [caldav-8008] result = f(*args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/aggregate.py", line 135, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] type).requestAvatarId(credentials)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/directory.py", line 109, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] if user.verifyCredentials(credentials.credentials):
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/xmlfile.py", line 144, in verifyCredentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] return credentials.checkPassword(self.password)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 153, in checkPassword
2009-03-04 10:47:45+0100 [-] [caldav-8008] calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 62, in calcHA1
2009-03-04 10:47:45+0100 [-] [caldav-8008] m.update(pszPassword)
2009-03-04 10:47:45+0100 [-] [caldav-8008] exceptions.TypeError: update() argument 1 must be string or read-only buffer, not None

The account.xml is:

<!DOCTYPE accounts SYSTEM "accounts.dtd">
<accounts realm="DOMAIN.LOCAL">
  <user>
    <uid>admin</uid>
    <name>Super User</name>
  </user>
  <user>
    <uid>marco.ghidinelli</uid>
    <name>Marco Ghidinelli</name>
    <cuaddr>mailto:marco.ghidinelli@domain.net</cuaddr>
  </user>
</accounts>
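
Added example (not part of the original thread and not Calendar Server code): the traceback above ends with calcHA1 receiving None as the password, i.e. the client sent Digest credentials for a user whose accounts.xml entry has no password. The sketch below lists such entries and shows a digest check that rejects them instead of raising; the function names, the "local.test" user and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the two users from the message plus a hypothetical
# "local.test" user that does carry a <password> element.
SAMPLE_ACCOUNTS = """<accounts realm="DOMAIN.LOCAL">
  <user><uid>admin</uid><name>Super User</name></user>
  <user><uid>marco.ghidinelli</uid><name>Marco Ghidinelli</name></user>
  <user><uid>local.test</uid><password>s3cret</password></user>
</accounts>"""

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def load_accounts(xml_text):
    """Return (realm, {uid: password or None}) from an accounts.xml string."""
    root = ET.fromstring(xml_text)
    users = {u.findtext("uid"): u.findtext("password") for u in root.findall("user")}
    return root.get("realm"), users

def passwordless_users(users):
    """Users with no stored password, so no password-based check can succeed."""
    return sorted(uid for uid, pw in users.items() if not pw)

def digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 response for algorithm=MD5 without qop."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def check_digest(users, realm, username, method, uri, nonce, response):
    """Fail closed: unknown or password-less users are rejected, never hashed.

    Without this guard, Python 2 raises the TypeError seen in the log, and a
    naive Python 3 port would silently hash the literal string "None".
    """
    password = users.get(username)
    if not password:
        return False
    expected = digest_response(username, realm, password, method, uri, nonce)
    return hmac.compare_digest(expected.encode(), response.encode())

if __name__ == "__main__":
    realm, users = load_accounts(SAMPLE_ACCOUNTS)
    print("no password (Digest will be rejected):", passwordless_users(users))
```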