Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - again

From: torsten finke igh de
To: Milan Crha via evolution-list <evolution-list gnome org>
Subject: Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - again
Date: Thu, 4 Nov 2021 16:50:53 +0100

Dear Milan, 

may I return to the issue GSSAPI connection to a Caldav server (sorry
for the delay - it took some time for well prepared testing).

It still does not work. 

Now I have carefully built the recent complete evolution suite from
https://gitlab.gnome.org/GNOME/evolution* (version 3.43.1)
according to https://wiki.gnome.org/Apps/Evolution/Building

Then I have created a calendar connection as usual from evolution.

I have modified the Authentication section of the .source file:

   Method=plain/password -> Method=GSSAPI

and it looks like this:

[Authentication]
  Host=cal
  Method=GSSAPI
  Port=80
  ProxyUid=system-proxy
  RememberPassword=true
  User=me
  CredentialName=
  IsExternal=false

I have shut down the complete evolution eco system (including all
servers - really, checked this). I requested debugging for the calendar subsystem:

   ...
   CALDAV_DEBUG=1 $PREFIX/libexec/evolution-calendar-factory -w >& /tmp/evo-cal.log &
   ...

and launched them again.

The log file shows the authentication options the server is
advertising ("Negotiate" is what we need for GSSAPI):

< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1636037476
< Soup-Debug: SoupMessage 1 (0x7f5f103c68b0)
< Date: Thu, 04 Nov 2021 14:51:16 GMT
< Server: Apache
< WWW-Authenticate: Negotiate
< WWW-Authenticate: Basic realm="User Login"
< Vary: accept-language,accept-charset
< Accept-Ranges: bytes
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=utf-8
< Content-Language: de

but the client insists in using the Basic authentication, even if that
fails:

OPTIONS /caldav.php/me/calendar/ HTTP/1.1
Soup-Debug-Timestamp: 1636037476
Soup-Debug: EWebDAVSession 1 (0x7f5f100557c0), SoupMessage 1 (0x7f5f103c6e50), SoupSocket 2 
(0x7f5f103c97a0), restarted
Host: exp-cal
User-Agent: Evolution/3.43.1
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Accept-Encoding: gzip, deflate
Accept-Language: de-de, de;q=0.9
Authorization: Basic [me:*********]


the server replies:
< HTTP/1.1 401 Unauthorized
< Soup-Debug-Timestamp: 1636037476
...

I would have expected that at least after fail the client should do a next try
with negotiate authorization (like a browser would do). It does not.

The server operates correctly. I have checked this using curl:

      curl -o foo.vcs  --negotiate -u : http://cal/caldav.php/me/calendar/

That works as expected (wireshark shows that Negotiate is used). 

Is there any idea what I am doing wrong?

Thanks a lot for any advice and

best regards


Torsten


-- 
------------------------------------------------------------------------
Torsten Finke
torsten finke igh de
------------------------------------------------------------------------

Follow-Ups:
- Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - again
  - From: Milan Crha

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]