Re: [CalendarServer-users] Kerberos Authentication

Mon, 18 Sep 2006 11:30:23 -0700 

Hi Guido,
--On September 18, 2006 8:04:37 PM +0200 Guido Guenther <[EMAIL PROTECTED]> wrote: 


I had little luck setting up kerberos authentication with caldavd. All
my experiments indicate that the authkerb.py isn't even being looked at.
Any hints on howto make kerberos available as an authenticator to
twisted?



1) Make sure you have the latest trunk - there were a bunch of recent 
changes that affect authentication.



2) To enable different types of authentication you need to modify the 
bin/caldavd file. Attached is a patch to do this. Note that there are two 
ways to use Kerberos authentication. One uses HTTP Basic to get a user 
id/pswd and then does Kerberos on there server to verify those (proxy 
authentication). The other uses the HTTP Negotiate authentication mechanism 
to do GSSAPI directly. The patch has both listed, but the negotiate lines 
are commented out. If you want negotiate, comment out the basic lines, and 
uncomment the negotiate ones. You will also have th adjust the realm info 
provided to the factory object.




--
Cyrus Daboo

Index: bin/caldavd 
===================================================================
--- 
bin/caldavd	(revision 119)

+++ bin/caldavd (working copy)

@@ -359,6 +359,8 
@@

from twisted.web2.dav             import davxml, auth

from 
twisted.web2.server          import Site
from twisted.web2.channel.http 
import HTTPFactory
+from twistedcaldav.authkerb       import 
BasicKerberosCredentialFactory, BasicKerberosCredentialsChecker
+from 
twistedcaldav.authkerb       import NegotiateCredentialFactory, 
NegotiateCredentialsChecker


if dossl:

    from 
twisted.application.internet import SSLServer

@@ -374,9 +376,11 @@

parent 
= IServiceCollection(application)



portal = Portal(auth.DavRealm()) 
-portal.registerChecker(auth.TwistedPropertyChecker()) 
+portal.registerChecker(BasicKerberosCredentialsChecker()) 
+#portal.registerChecker(NegotiateCredentialsChecker())



-credentialFactories = (basic.BasicCredentialFactory(""),) 
+credentialFactories = 
(BasicKerberosCredentialFactory("krbtgt/[EMAIL PROTECTED]", 
"EXAMPLE.COM"),)
+#credentialFactories = 
(NegotiateCredentialFactory("[EMAIL PROTECTED]"),)



loginInterfaces = 
(auth.IPrincipal,)



_______________________________________________
calendarserver-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo/calendarserver-users






















					Reply via email to