Re: [CalendarServer-users] calendarserver on debian via nss and kerberos

marco ghidinelli Wed, 04 Mar 2009 03:04:24 -0800

On Tue, Mar 03, 2009 at 02:14:34PM +0100, Georg Troska wrote:
> Hi,
> I was able to do it with Ubuntu Intrepid.
>
> Kerberos works. NSS not at the moment. I wrote a script that runs via  
> cronjob creating a xml-file from LDAP for the user information.
> I'm still working on the NSS thing.
>
> Use account.xml with no password and loginnames that are of the same  
> kind than in your kerberos database. Make sure that your keytab is  
> readable by caldavd and use lowercase http/ (not HTTP/) for the  
> principal entry.
> Kerberos based login are depending on your client as well. Which one are 
> you using?
>
> Georg


I followed your idea, and now i'm trying with a generated account.xml
with kerberos authentication.
it still doesn't work, but with a more verbose error: here is the log.

2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] Log opened.
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] twistd 8.1.0 (/usr/bin/python 
2.5.2) starting up
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] reactor class: <class 
'twisted.internet.selectreactor.SelectReactor'>
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] 
twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] Starting factory 
<twisted.web2.channel.http.HTTPFactory instance at 0x188d7a0>
2009-03-04 11:45:47+0100 [-] [caldav-8008]  [-] 
twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-04 11:45:48+0100 [-] [caldav-8008]  [-] set uid/gid 103/105
2009-03-04 11:45:48+0100 [twistedcaldav.logging.AMPLoggingFactory] 
AMPLoggingProtocol connection established 
(HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-04 11:45:48+0100 [-] [caldav-8008]  [-] AMP connection established 
(HOST:UNIXSocket(None) PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
"Directory service <XMLDirectoryService 'DOMAIN.LOCAL': 
FilePath('/etc/caldavd/accounts.xml')> has no GUID; generating service GUID 
from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
"Directory service <SudoDirectoryService 'DOMAIN.LOCAL': 
FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service GUID 
from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] GET 
/calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:39+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
'Authentication failed: Invalid nonce value: 6152332 -- a lot of numbers here 
(ndr)-- 554623523'
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] GET 
/calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
Exception rendering:
2009-03-04 10:47:45+0100 [-] [caldav-8008]  [HTTPChannel,0,192.168.0.29] 
Unhandled Error
2009-03-04 10:47:45+0100 [-] [caldav-8008]      Traceback (most recent call 
last):
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 186, in 
addCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008]          self._runCallbacks()
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 328, in 
_runCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008]          self.result = 
callback(self.result, *args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/web2/dav/resource.py", line 722, in 
login
2009-03-04 10:47:45+0100 [-] [caldav-8008]          d = 
request.portal.login(pcreds, None, *request.loginInterfaces)
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/cred/portal.py", line 114, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008]          return 
maybeDeferred(self.checkers[i].requestAvatarId, credentials
2009-03-04 10:47:45+0100 [-] [caldav-8008]      --- <exception caught here> ---
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 106, in 
maybeDeferred
2009-03-04 10:47:45+0100 [-] [caldav-8008]          result = f(*args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twistedcaldav/directory/aggregate.py", line 
135, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008]          
type).requestAvatarId(credentials)
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twistedcaldav/directory/directory.py", line 
109, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008]          if 
user.verifyCredentials(credentials.credentials):
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twistedcaldav/directory/xmlfile.py", line 
144, in verifyCredentials
2009-03-04 10:47:45+0100 [-] [caldav-8008]          return 
credentials.checkPassword(self.password)
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 153, in 
checkPassword
2009-03-04 10:47:45+0100 [-] [caldav-8008]          calcHA1(algo, 
self.username, self.realm, password, nonce, cnonce),
2009-03-04 10:47:45+0100 [-] [caldav-8008]        File 
"/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 62, in 
calcHA1
2009-03-04 10:47:45+0100 [-] [caldav-8008]          m.update(pszPassword)
2009-03-04 10:47:45+0100 [-] [caldav-8008]      exceptions.TypeError: update() 
argument 1 must be string or read-only buffer, not None


the account.xml is:
<!DOCTYPE accounts SYSTEM "accounts.dtd">

<accounts realm="DOMAIN.LOCAL">
  <user>
    <uid>admin</uid>
    <name>Super User</name>
  </user>
  <user>
    <uid>marco.ghidinelli</uid>
    <name>Marco Ghidinelli</name>
    <cuaddr>mailto:marco.ghidine...@domain.net</cuaddr>
  </user>
</accounts>

_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users

Re: [CalendarServer-users] calendarserver on debian via nss and kerberos

Reply via email to