[CalendarServer-users] Kerberos Authentication
Cyrus Daboo
cdaboo at apple.com
Mon Sep 18 11:30:18 PDT 2006
Hi Guido,

--On September 18, 2006 8:04:37 PM +0200 Guido Guenther <agx at sigxcpu.org>
wrote:

> I had little luck setting up kerberos authentication with caldavd. All
> my experiments indicate that the authkerb.py isn't even being looked at.
> Any hints on how to make kerberos available as an authenticator to
> twisted?

1) Make sure you have the latest trunk - there were a bunch of recent
changes that affect authentication.

2) To enable different types of authentication you need to modify the
bin/caldavd file. Attached is a patch to do this. Note that there are two
ways to use Kerberos authentication. One uses HTTP Basic to get a user
id/pswd and then does Kerberos on the server to verify those (proxy
authentication). The other uses the HTTP Negotiate authentication mechanism
to do GSSAPI directly. The patch has both listed, but the negotiate lines
are commented out. If you want negotiate, comment out the basic lines, and
uncomment the negotiate ones. You will also have to adjust the realm info
provided to the factory object.

--
Cyrus Daboo
-------------- next part --------------
Index: bin/caldavd
===================================================================
---
bin/caldavd (revision 119)
+++ bin/caldavd (working copy)
@@ -359,6 +359,8
@@
from twisted.web2.dav import davxml, auth
from
twisted.web2.server import Site
from twisted.web2.channel.http
import HTTPFactory
+from twistedcaldav.authkerb import
BasicKerberosCredentialFactory, BasicKerberosCredentialsChecker
+from
twistedcaldav.authkerb import NegotiateCredentialFactory,
NegotiateCredentialsChecker
if dossl:
from
twisted.application.internet import SSLServer
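Review bot: The two added `from twistedcaldav.authkerb import ...` lines sit with the module-level imports, so bin/caldavd now loads the Kerberos factories and checkers on every start, and both the Basic and the Negotiate pair are imported although the second hunk activates only one of them. Consider importing only the pair that is in use, or moving the import behind a configuration switch, so a deployment that does not use Kerberos does not depend on authkerb loading cleanly.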
@@ -374,9 +376,11 @@
parent
= IServiceCollection(application)
portal = Portal(auth.DavRealm())
-portal.registerChecker(auth.TwistedPropertyChecker())
+portal.registerChecker(BasicKerberosCredentialsChecker())
+#portal.registerChecker(NegotiateCredentialsChecker())
-credentialFactories = (basic.BasicCredentialFactory(""),)
+credentialFactories =
(BasicKerberosCredentialFactory("krbtgt/EXAMPLE.COM at EXAMPLE.COM",
"EXAMPLE.COM"),)
+#credentialFactories =
(NegotiateCredentialFactory("http at examaple.com"),)
loginInterfaces =
(auth.IPrincipal,)
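Review bot: The active `portal.registerChecker(BasicKerberosCredentialsChecker())` line and its `BasicKerberosCredentialFactory(...)` companion make HTTP Basic the default, so each user's Kerberos password is sent to the server in the request, while the context of the first hunk shows SSL is only set up under `if dossl:`. I would enable the Basic variant only when SSL is on, or make Negotiate the default. The removed `auth.TwistedPropertyChecker()` is replaced outright rather than kept as an option, and the mechanism choice plus the principal and realm strings are hard-coded placeholders; these should come from configuration instead of commenting lines in and out. The commented-out Negotiate line also spells the host `examaple.com`, which does not match `EXAMPLE.COM` in the Basic line above it.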