[CalendarServer-dev] digest auth

Bruno Browning browning at uwalumni.com
Mon Sep 24 17:44:06 PDT 2007

When I authenticate to a CalendarServer instance configured to use 
digest authentication (concerning which I am a compleat newb) using 
Sunbird or Lightning, wait fifteen minutes, and attempt to, say,  
refresh, I get another authentication prompt. This doesn't seem to be 
Sb/Ltn-specific: the same timeout-and-reprompt happens when accessing 
the calendar URI with a browser, including Opera on Linux and IE on 
Vista  (though not with IE 5.2 on Mac OS) - so it doesn't seem to be 
specific to the Mozilla network stack, either. Wireshark shows that 
after the 15-minute timeout CalendarServer responds to a query with a 
401 challenge and new nonce value in the WWW-Authenticate header - but 
that header does not also include a 'stale="true"' as I would expect 
from my (possibly naive) reading of RFC 2617. So I'm suspecting that 
this is a CalendarServer bug rather than a Mozilla one, and I'm hoping 
that someone more familiar with digest authentication than I am can comment.

More information about the calendarserver-dev mailing list