Re: [Evolution] Evolution Caldav SSO Access via GSSAPI/Kerberos - works :-)



Dear Milan, 
 
On Fri, Nov 05, 2021 at 07:53:14AM +0100, Milan Crha via evolution-list wrote:
On Thu, 2021-11-04 at 16:50 +0100, Torsten Finke via evolution-list
wrote:
Then I have created a calendar connection as usual from evolution.

      Hi,
what is that, File->New->Calendar->CalDAV->... or a collection account?

not sure, what a "collection account" means. I connect to a calendar
http://exp-cal/caldav.php/me/calendar/.


Did you run also the evolution-source-registry from the $PREFIX? I
suppose you did, I only want to be sure.

yes of course. I have studied the build instructions on

   https://wiki.gnome.org/Apps/Evolution/Building

very carefully. They are amazingly good - one has to follow them
exactly! 


Looking into the code, there are some prerequisites to be fulfilled to
have it working:
a) the calendar URL should be https://

that was it!

Differently to the mailing subsystem the calendar suite requires HTTPS
as a prerequisite for GSSAPI. Basically that makes sense, but also
makes it more difficult to investigate, and it is not obvious.


b) the libsoup should be built with the negotiate support
   (see soup_auth_negotiate_supported())

I have checked that with the following little program

#include <stdio.h>
#include <libsoup/soup.h>

/* ---------------------------------------- */
int main()
{   
    if ( soup_auth_negotiate_supported () ) {
        printf("GSSAPI supported\n"); 
    }
}
/* ---------------------------------------- */

it prints "GSSAPI supported". 


You can verify whether the method is properly set when you run the
calendar factory process under gdb and place a breakpoint into
e_soup_session_maybe_prepare_auth. Eventually you can add a breakpoint
into soup_auth_negotiate_supported, to see whether it's called at all.


That hint points exactly to the solution:

   libedataserver/e-soup-session.c:293

   ...
   /* Provide credentials beforehand only on secure connections */
   ...

I had not expected this connection HTTPS/GSSAPI as a requirement.


Thanks and best regards


Torsten


-- 
------------------------------------------------------------------------
Torsten Finke
torsten finke igh de
------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]