[CalendarServer-dev] digest auth
Bruno Browning
browning at uwalumni.com
Mon Sep 24 17:44:06 PDT 2007
When I authenticate to a CalendarServer instance configured to use
digest authentication (concerning which I am a compleat newb) using
Sunbird or Lightning, wait fifteen minutes, and attempt to, say,
refresh, I get another authentication prompt. This doesn't seem to be
Sb/Ltn-specific: the same timeout-and-reprompt happens when accessing
the calendar URI with a browser, including Opera on Linux and IE on
Vista (though not with IE 5.2 on Mac OS) - so it doesn't seem to be
specific to the Mozilla network stack, either. Wireshark shows that
after the 15-minute timeout CalendarServer responds to a query with a
401 challenge and new nonce value in the WWW-Authenticate header - but
that header does not also include a 'stale="true"' as I would expect
from my (possibly naive) reading of RFC 2617. So I'm suspecting that
this is a CalendarServer bug rather than a Mozilla one, and I'm hoping
that someone more familiar with digest authentication than I am can comment.
bb
More information about the calendarserver-dev
mailing list