Re: [CalendarServer-users] Digest authentication
Hello Cyrus, You're correct. The mistake is actually with my configuration. I had the "auth, auth-int" value in caldavd-dev.plist, though caldavd.plist and caldavd-test.plist were empty. So it picked that up from there. I've had this issue reported by a few testers and I am wondering, is that the "official" fix for now? ie. "Make sure Qop string value is empty in *.plist" Or is this a temporary workaround? Best regards, Kervin ----- Original Message ----
From: Kervin L. Pierre <kervin@adevsoft.com> To: Cyrus Daboo <cdaboo@apple.com>; calendarserver-users@lists.macosforge.org Sent: Monday, March 31, 2008 12:19:19 PM Subject: Re: [CalendarServer-users] Digest authentication
Hello Cyrus,
Ok, then the server should be sending you a WWW-Authenticate headed for Digest that does NOT contains a "qop=..." option in it. Can you check what you are sending back to the server? The client should NOT be sending back a "qop=..." if the server did not send one.
Then that might be the problem. The server always returns the client a 'Qop' value in the "WWW-Authenticate" header.
I will send you a text dump of the exchange in a few minutes.
Best regards, Kervin
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo/calendarserver-users
Hi Kervin, --On March 31, 2008 9:41:31 AM -0700 "Kervin L. Pierre" <kervin@adevsoft.com> wrote:
You're correct. The mistake is actually with my configuration. I had the "auth, auth-int" value in caldavd-dev.plist, though caldavd.plist and caldavd-test.plist were empty. So it picked that up from there.
I've had this issue reported by a few testers and I am wondering, is that the "official" fix for now? ie. "Make sure Qop string value is empty in *.plist" Or is this a temporary workaround?
Leaving it empty is best right now. Our .plist files do ship that way so it should be the default behavior. PS I was doing some testing last week and was running into another authentication problem related to our server advertising "negotiate" (Kerberos). I did not have a chance to track that down fully, but I'll send you a report when I do. There is actually some interest from a few people within Apple to start using OpenConnector to connect to our internally deployed server, so I was trying to test against that to see where we are at. -- Cyrus Daboo
participants (2)
-
Cyrus Daboo
-
Kervin L. Pierre