[CalendarServer-users] calendarserver on debian via nss and kerberos

[Marco Ghidinelli]

On 03/03/2009 03:26 PM, Georg Troska wrote:
> what does your error.log say?

nothing useful from the logs:

2009-03-03 15:29:55+0100 [-] Log opened.
2009-03-03 15:29:55+0100 [-] twistd 8.1.0 (/usr/bin/python 2.5.2) 
starting up
2009-03-03 15:29:55+0100 [-] reactor class: <class 
'twisted.internet.selectreactor.SelectReactor'>
2009-03-03 15:29:55+0100 [-] twistedcaldav.logging.AMPLoggingFactory 
starting on "'/var/run/caldavd/caldavd.socket'"
2009-03-03 15:29:55+0100 [-] [caldav-8008] 
/usr/lib/python2.5/site-packages/twisted/plugins/twisted_web2.py:22: 
DeprecationWarning: mktap and related support modules are deprecated as 
of Twisted 8.0.  Use Twisted Application Plugins with the 'twistd' 
command directly, as described in 'Writing a Twisted Application Plugin 
for twistd' chapter of the Developer Guide.
2009-03-03 15:29:55+0100 [-] [caldav-8008]   from twisted.scripts.mktap 
import _tapHelper
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] Log opened.
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] twistd 8.1.0 
(/usr/bin/python 2.5.2) starting up
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] reactor class: <class 
'twisted.internet.selectreactor.SelectReactor'>
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] 
twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] Starting factory 
<twisted.web2.channel.http.HTTPFactory instance at 0x1f6bef0>
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] 
twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] set uid/gid 103/105
2009-03-03 15:29:55+0100 [twistedcaldav.logging.AMPLoggingFactory] 
AMPLoggingProtocol connection established 
(HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-03 15:29:55+0100 [-] [caldav-8008]  [-] AMP connection 
established (HOST:UNIXSocket(None) 
PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))



**** authentication here ****



2009-03-03 15:30:04+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
"Directory service <SudoDirectoryService 'domain.net': 
FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service 
GUID from realm name."
2009-03-03 15:30:04+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-03 15:30:08+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-03 15:30:08+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
"Directory service <NssDirectoryService 'domain.net'> has no GUID; 
generating service GUID from realm name."
2009-03-03 15:30:08+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
"Authentication failed: Incorrect credentials for 
<NssUserRecord[users at 27a5f82b-c2bd-5387-8942-a62eb12bb26c(domain.net)] 
marco.ghidinelli(marco.ghidinelli) 'Marco Ghidinelli'>"


> Am 03.03.2009 um 15:20 schrieb Marco Ghidinelli:
>
>> On 03/03/2009 02:14 PM, Georg Troska wrote:
>>> Hi,
>>> I was able to do it with Ubuntu Intrepid.
>>>
>>> Kerberos works. NSS not at the moment. I wrote a script that runs via
>>> cronjob creating a xml-file from LDAP for the user information.
>>> I'm still working on the NSS thing.
>>
>> i didn't understand: did nss works for you, but nss + kerberos doesn't
>> authenticate, or nss doesn't work and so you didn't try nss+kerberos?
>>
>>> Use account.xml with no password and loginnames that are of the same
>>> kind than in your kerberos database. Make sure that your keytab is
>>> readable by caldavd and use lowercase http/ (not HTTP/) for the
>>> principal entry.
>>
>> it's readable. i've tried with lowercase http, with the same results.
>>
>>> Kerberos based login are depending on your client as well. Which one are
>>> you using?
>>
>> it doesn't work neither with sunbird nor with firefox
>> (i've put in the network.negotiate-auth.trusted-uris "http://").
>
> Georg Troska
> Experimentelle Physik IV
> TU Dortmund
> +49 231 755 3501
>