[CalendarServer-dev] digest auth

Cyrus Daboo cdaboo at apple.com
Mon Sep 24 18:23:56 PDT 2007

Hi Bruno,

--On September 24, 2007 7:44:06 PM -0500 Bruno Browning 
<browning at uwalumni.com> wrote:

> When I authenticate to a CalendarServer instance configured to use digest
> authentication (concerning which I am a compleat newb) using Sunbird or
> Lightning, wait fifteen minutes, and attempt to, say,  refresh, I get
> another authentication prompt. This doesn't seem to be Sb/Ltn-specific:
> the same timeout-and-reprompt happens when accessing the calendar URI
> with a browser, including Opera on Linux and IE on Vista  (though not
> with IE 5.2 on Mac OS) - so it doesn't seem to be specific to the Mozilla
> network stack, either. Wireshark shows that after the 15-minute timeout
> CalendarServer responds to a query with a 401 challenge and new nonce
> value in the WWW-Authenticate header - but that header does not also
> include a 'stale="true"' as I would expect from my (possibly naive)
> reading of RFC 2617. So I'm suspecting that this is a CalendarServer bug
> rather than a Mozilla one, and I'm hoping that someone more familiar with
> digest authentication than I am can comment.

Yup - looks like we missed that. Apparently some browsers/clients ignore 
stale and attempt a re-auth without prompting so we didn't notice that. 
I'll get a ticket written on that.

Cyrus Daboo

More information about the calendarserver-dev mailing list