Hi Simon On Wednesday, February 15, 2012 7:58:14 PM UTC+1, osimons wrote: > > There is no problem using the RPC plugin with digest auth - or any > particular other auth for that matter. The RPC plugin just uses what > it gets from Trac, and if Trac can authenticate then the plugin is > fine with that. > > The real problem is that CLIENTS generally don't support digest auth, > or any other particular auth mechanism other than lowest common > denominator: Basic Authentication. So something like Python xmlrpclib > only supports Basic auth. However, if you were to build a custom > client that provides its own authentication handlers, all should be > fine. Other clients for other platforms like Java, .Net or whatever > may support further mechanisms - including Digest. I don't know. But > in the end it all depends on the client. > > If you configure a project with digest auth, you should have no > problem using curl to make authenticated calls to a Trac /rpc handler. > "man curl" for all details of curl options... :-) > Are you sure? I'm not getting the XMLRPC interface to work using curl and digest authentication:
$ curl --data '<?xml version="1.0"?><methodCall><methodName>wiki.getPage</methodName><params><param><value><string>SandBox</string></value></param></params></methodCall>' --header 'Content-Type: text/xml' --digest --user "$user:$password" --dump-header - 'http://localhost:8080/login/xmlrpc' HTTP/1.1 200 OK Server: tracd/1.0.1 Python/2.6.8 Date: Mon, 26 Aug 2013 15:41:31 GMT Content-Type: text/xml Content-Length: 294 Set-Cookie: trac_session=67c4ffa3973fdfb495fd3d29; expires=Sun, 24-Nov-2013 15:41:31 GMT; httponly; Path=/ HTTP/1.1 200 OK Server: tracd/1.0.1 Python/2.6.8 Date: Mon, 26 Aug 2013 15:41:31 GMT Content-Type: text/xml Content-Length: 356 Set-Cookie: trac_session=ac78955d5ab422c55597d41d; expires=Sun, 24-Nov-2013 15:41:31 GMT; httponly; Path=/ <?xml version='1.0'?> <methodResponse> <fault> <value><struct> <member> <name>faultCode</name> <value><int>403</int></value> </member> <member> <name>faultString</name> <value><string>XML_RPC privileges are required to perform this operation. You don't have the required permissions.</string></value> </member> </struct></value> </fault> </methodResponse> It seems that the XmlRpcPlugin will return a 200 OK status code even if authentication is required. Shouldn't it send a different status code so curl known that it should send the authentication data to the server? Thanks Michael -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscr...@googlegroups.com. To post to this group, send email to trac-users@googlegroups.com. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/groups/opt_out.
