Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error: 'Authentication failed: nonce-count is not a valid hex string: None' Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom
I got at least the http digest authentication to work with the debian installation. Besides some other issues that I posted and where I still working on. Whatever the reason might be, the caldavd.plist should give some hints. Jochen Tom Wright schrieb:
Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error:
'Authentication failed: nonce-count is not a valid hex string: None'
Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
plist attached, certificates are as specified li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1 root ssl-cert 664 May 4 12:11 /etc/ssl/certs/ssl-cert-snakeoil.pem li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1 root ssl-cert 887 May 4 12:11 /etc/ssl/private/ssl-cert-snakeoil.key --On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass <jgrotepass@googlemail.com> wrote:
I got at least the http digest authentication to work with the debian installation. Besides some other issues that I posted and where I still working on.
Whatever the reason might be, the caldavd.plist should give some hints.
Jochen
Tom Wright schrieb:
Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error:
'Authentication failed: nonce-count is not a valid hex string: None'
Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Well, maybe here are some hints: The caldavd is running under user "caldavd" on Debian. The file "/etc/ssl/private/ssl-cert-snakeoil.key" does not (by default) have read permissions to this user. So you might either add the user caldavd to the group ssl-cert or change the group access to caldavd. Next the authentication issue. As far as I have learned (pretty new) - you should *NOT* enable all authentication mechanisms together. Just set the digest to "true" and the rest to "false". Maybe this helps. Whereas I am currently starting to implement Kerberos as it seems to make more sense in my environment (thanks Georg Troska)... Jochen Tom Wright schrieb:
plist attached, certificates are as specified
li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1 root ssl-cert 664 May 4 12:11 /etc/ssl/certs/ssl-cert-snakeoil.pem
li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1 root ssl-cert 887 May 4 12:11 /etc/ssl/private/ssl-cert-snakeoil.key
--On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass <jgrotepass@googlemail.com> wrote:
I got at least the http digest authentication to work with the debian installation. Besides some other issues that I posted and where I still working on.
Whatever the reason might be, the caldavd.plist should give some hints.
Jochen
Tom Wright schrieb:
Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error:
'Authentication failed: nonce-count is not a valid hex string: None'
Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Hmm caldavd was a member of ssl-cert so i dont think thats it. I've changed all the permissions to group caldavd and running caldavd -X gives me errors: first line of the traceback is: twistedcaldav.config.ConfigurationError: Can't create TwistdSlaveProcess without a TCP Port Also originally I did just have digest authentication enabled, setting basic to false still gives me this error: 2009-05-06 15:47:22-0400 [-] [caldav-8008] [HTTPChannel,0,142.20.115.27] OPTIONS /calendars/ HTTP/1.1 2009-05-06 15:47:22-0400 [-] [caldav-8008] [HTTPChannel,0,142.20.115.27] 'Authentication failed: nonce-count is not a valid hex string: None' I'm not finding this one a friendly package On Wed, 06 May 2009 15:36:13 -0400, Jochen Grotepass <jgrotepass@googlemail.com> wrote:
Well, maybe here are some hints:
The caldavd is running under user "caldavd" on Debian. The file "/etc/ssl/private/ssl-cert-snakeoil.key" does not (by default) have read permissions to this user. So you might either add the user caldavd to the group ssl-cert or change the group access to caldavd.
Next the authentication issue. As far as I have learned (pretty new) - you should *NOT* enable all authentication mechanisms together. Just set the digest to "true" and the rest to "false". Maybe this helps. Whereas I am currently starting to implement Kerberos as it seems to make more sense in my environment (thanks Georg Troska)...
Jochen
Tom Wright schrieb:
plist attached, certificates are as specified
li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1 root ssl-cert 664 May 4 12:11 /etc/ssl/certs/ssl-cert-snakeoil.pem
li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1 root ssl-cert 887 May 4 12:11 /etc/ssl/private/ssl-cert-snakeoil.key
--On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass <jgrotepass@googlemail.com> wrote:
I got at least the http digest authentication to work with the debian installation. Besides some other issues that I posted and where I still working on.
Whatever the reason might be, the caldavd.plist should give some hints.
Jochen
Tom Wright schrieb:
Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error:
'Authentication failed: nonce-count is not a valid hex string: None'
Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Sorry, my fault - your entry for the sslport is currently a comment :) <!-- SSL port [0 = disable HTTPS] --> <!-- (Must also configure SSLCertificate and SSLPrivateKey below) --> <!-- <key>SSLPort</key> <integer>8443</integer> --> You should remove the comment arround the SSLPort Tags like this: <!-- SSL port [0 = disable HTTPS] --> <!-- (Must also configure SSLCertificate and SSLPrivateKey below) --> <key>SSLPort</key> <integer>8443</integer> However, you're right the package is not well documented - but hey - this is not a windows platform ;) On the authentication stuff, have you checked your accounts.xml that everything is correct there? What makes me wonder is "None" as the nonce-count. This doesn't make sense to me. Jochen Tom Wright schrieb:
Hmm caldavd was a member of ssl-cert so i dont think thats it. I've changed all the permissions to group caldavd and running caldavd -X gives me errors: first line of the traceback is: twistedcaldav.config.ConfigurationError: Can't create TwistdSlaveProcess without a TCP Port
Also originally I did just have digest authentication enabled, setting basic to false still gives me this error: 2009-05-06 15:47:22-0400 [-] [caldav-8008] [HTTPChannel,0,142.20.115.27] OPTIONS /calendars/ HTTP/1.1 2009-05-06 15:47:22-0400 [-] [caldav-8008] [HTTPChannel,0,142.20.115.27] 'Authentication failed: nonce-count is not a valid hex string: None'
I'm not finding this one a friendly package
On Wed, 06 May 2009 15:36:13 -0400, Jochen Grotepass <jgrotepass@googlemail.com> wrote:
Well, maybe here are some hints:
The caldavd is running under user "caldavd" on Debian. The file "/etc/ssl/private/ssl-cert-snakeoil.key" does not (by default) have read permissions to this user. So you might either add the user caldavd to the group ssl-cert or change the group access to caldavd.
Next the authentication issue. As far as I have learned (pretty new) - you should *NOT* enable all authentication mechanisms together. Just set the digest to "true" and the rest to "false". Maybe this helps. Whereas I am currently starting to implement Kerberos as it seems to make more sense in my environment (thanks Georg Troska)...
Jochen
Tom Wright schrieb:
plist attached, certificates are as specified
li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1 root ssl-cert 664 May 4 12:11 /etc/ssl/certs/ssl-cert-snakeoil.pem
li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1 root ssl-cert 887 May 4 12:11 /etc/ssl/private/ssl-cert-snakeoil.key
--On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass <jgrotepass@googlemail.com> wrote:
I got at least the http digest authentication to work with the debian installation. Besides some other issues that I posted and where I still working on.
Whatever the reason might be, the caldavd.plist should give some hints.
Jochen
Tom Wright schrieb:
Problems,problems So no only can I not get calendarserver to bind to an ssl port I also can't get digest authentication to work, I'm seeing the error:
'Authentication failed: nonce-count is not a valid hex string: None'
Is the debian package a really old version of calendarserver and should i build from svn? Thanks tom _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
participants (2)
-
Jochen Grotepass
-
Tom Wright