Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - works :-)

From: torsten finke igh de
To: evolution-list gnome org
Subject: Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - works :-)
Date: Tue, 9 Nov 2021 17:23:50 +0100

Dear Milan, 
 
On Fri, Nov 05, 2021 at 07:53:14AM +0100, Milan Crha via evolution-list wrote:

On Thu, 2021-11-04 at 16:50 +0100, Torsten Finke via evolution-list
wrote:

Then I have created a calendar connection as usual from evolution.


      Hi,
what is that, File->New->Calendar->CalDAV->... or a collection account?


not sure, what a "collection account" means. I connect to a calendar
http://exp-cal/caldav.php/me/calendar/.

Did you run also the evolution-source-registry from the $PREFIX? I
suppose you did, I only want to be sure.


yes of course. I have studied the build instructions on

   https://wiki.gnome.org/Apps/Evolution/Building

very carefully. They are amazingly good - one has to follow them
exactly!

Looking into the code, there are some prerequisites to be fulfilled to
have it working:
a) the calendar URL should be https://


that was it!

Differently to the mailing subsystem the calendar suite requires HTTPS
as a prerequisite for GSSAPI. Basically that makes sense, but also
makes it more difficult to investigate, and it is not obvious.

b) the libsoup should be built with the negotiate support
   (see soup_auth_negotiate_supported())


I have checked that with the following little program

#include <stdio.h>
#include <libsoup/soup.h>

/* ---------------------------------------- */
int main()
{   
    if ( soup_auth_negotiate_supported () ) {
        printf("GSSAPI supported\n"); 
    }
}
/* ---------------------------------------- */

it prints "GSSAPI supported".

You can verify whether the method is properly set when you run the
calendar factory process under gdb and place a breakpoint into
e_soup_session_maybe_prepare_auth. Eventually you can add a breakpoint
into soup_auth_negotiate_supported, to see whether it's called at all.



That hint points exactly to the solution:

   libedataserver/e-soup-session.c:293

   ...
   /* Provide credentials beforehand only on secure connections */
   ...

I had not expected this connection HTTPS/GSSAPI as a requirement.


Thanks and best regards


Torsten


-- 
------------------------------------------------------------------------
Torsten Finke
torsten finke igh de
------------------------------------------------------------------------

References:
- Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - again
  - From: torsten . finke
- Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - again
  - From: Milan Crha

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]