On Wednesday 10 April 2002 01:18, Rob Mayoff wrote:
I don't see a point in modifying the core to also parse Authentication:
Digest headers. I think Ns_SetRequestAuthorizeProc should be ripped
out and replaced with a new filter type, auth. Auth filters should
simply be run after preauth
SASL: http://www.oreillynet.com/pub/a/network/2002/04/09/sasl.html
...if you're feeling ambitious.
On Monday 08 April 2002 22:04, Dossy wrote:
Could auth schemes not be implemented via trace filters?
Well, almost...
Here is the excerpt from ConnRun() located in nsd/serv.c
/*
* Run the pre-authorization filters and, if ok,
* authorize and run the request procedure.
*/
On 2002.04.09, Zoran Vasiljevic [EMAIL PROTECTED] wrote:
This is what I was talkng about when I said that core server
would need to be changed.
Understood.
So, IMHO, not very many changes are needed in order to get alternate
schemes possible. But... since this one requires the core change
+-- On Apr 9, Zoran Vasiljevic said:
On Monday 08 April 2002 22:04, Dossy wrote:
Could auth schemes not be implemented via trace filters?
Well, almost...
Actually, it's can't. A trace filter runs after the main request
handler - too late to block access.
A preauth or postauth
Thanks for reading my mind. I _DID_ intend to say preauth
filter and not trace filters -- that's what I get for
trying to use my branes on a Monday.
-- Dossy
BRANES!
On 2002.04.09, Rob Mayoff [EMAIL PROTECTED] wrote:
+-- On Apr 9, Zoran Vasiljevic said:
On Monday 08 April 2002
+-- On Apr 9, Zoran Vasiljevic said:
If I'm not mistaken (correct me if I'm wrong, please),
but, if I do not load the ns_perm module then:
- I do not get the allowuser functionality (or is it ns_perm allowuser?)
- I lose all other user's hostname (ip/domain) checking
-
If above holds true, then this can be used as a starting point
when developing DAV, indeed.
But, I'm afraid that people would really need both (basic and digest
and/or some other scheme in the future) at the same time when it comes
to deployment. That's why a hook in the Ns_AuthorizeRequest
Rob Mayoff wrote:
Personally, I'd not be inclined to use a single server for both DAV and
normal web serving. By separating the services into different processes,
you can run the normal web server as a uid that only has read access to
the files, and the DAV server as a uid that has write
On Tuesday 09 April 2002 20:51, Tom Jackson wrote:
I still don't see why you can't write a module in tcl or in C to replace
ns_perm (maybe using it as a starting point). Why does this require hacking
the core. We have an authentication scheme in OpenACS that authorizes
requests by a
So what should I do ?
I may split on the URL method and Digest-authorize only DAV
methods (MKCOL, PROPFIND, etc) leaving GET/POST to Basic.
It sounds perfect, Filters are designed to be registered per method.
Probably your entire application will be a filter that responds to the DAV
methods. I
+-- On Apr 9, Goodwin Scott S GS-13 96 CG/SCTOB said:
You could use a single server but only allow DAV access on a separate
nsopenssl port. Could even use client PKI certs on that port to make the
authentication more secure. Then deny any kind of DAV access on any other
nssock or
+-- On Apr 9, Zoran Vasiljevic said:
So what should I do ?
It seems to me that you would be best served by a module, in either Tcl
or C, that runs as a preauth or postauth filter and implements Basic and
Digest authentication and IP/hostname checking. I don't see much point
in trying
Well I think I'll have tcl based webDAV done within a month or two.
If someone will take care of Digest authorization we just might have it.
On Monday 08 April 2002 11:24 am, you wrote:
Doing our Annual Tour, are we??
Ian A. Harding
Programmer/Analyst II
Tacoma-Pierce County Health
On Monday 08 April 2002 18:42, David Walker wrote:
Well I think I'll have tcl based webDAV done within a month or two.
If someone will take care of Digest authorization we just might have it.
We are going to do our own (mostly C) WebDAV implementation
with fast DOM-based XML processsing. It
On 2002.04.08, Zoran Vasiljevic [EMAIL PROTECTED] wrote:
On Monday 08 April 2002 18:42, David Walker wrote:
Well I think I'll have tcl based webDAV done within a month or two.
If someone will take care of Digest authorization we just might have it.
We are going to do our own (mostly C)
Perhaps this is a good place to start a new nsauth module to
which can replace nsperm. Leave nsperm in place (to not break
backward compatibility, etc.) but start fresh with a well-designed
nsauth.
Someone mentioned that it is difficult to use a different authentication
method in AOLserver. I
Perhaps this is a good place to start a new nsauth module to
which can replace nsperm. Leave nsperm in place (to not break
backward compatibility, etc.) but start fresh with a well-designed
nsauth.
A new auth module that I could easily change permissions on the fly in a tcl
proc would be a
On Monday 08 April 2002 19:14, Dossy wrote:
Why DOM and not SAX? Is it really meaningful to hold the
entire WebDAV message in memory as a DOM tree? You really
only need to pick up a few things (which SAX would be
great for) then form a response -- this is where I might
use DOM to assemble
Zoran,
Could auth schemes not be implemented via trace filters?
-- Dossy
On 2002.04.08, Zoran Vasiljevic [EMAIL PROTECTED] wrote:
On Monday 08 April 2002 19:29, Tom Jackson wrote:
Someone mentioned that it is difficult to use a different authentication
I'm afraid it was me :)
I´m interested in WebDAV -- very.
./s
-Original Message-
From: Zoran Vasiljevic
To: [EMAIL PROTECTED]
Sent: 3/04/02 10:25
Subject: [AOLSERVER] Digest authorization / WebDAV
I'm thinking about implementing WebDAV support for AOLserver.
Anybody already doing some work on that ?
I'll
I'm thinking about implementing WebDAV support for AOLserver.
Anybody already doing some work on that ?
I'll have to start with Digest authorization support since
it's a must for DAV. The authorization support in 3.4
is designed to cover the Basic method only. Other methods
can't easily be
Zoran,
I just starting thinking about webDAV support in AOLserver, but hadn't
gotten to thinking about all the requirements. So, I don't know about
digest authorization.
Feel free to email me to dicuss this.
Dave
On Wed, Apr 03, 2002 at 11:25:55AM -0500, Zoran Vasiljevic wrote:
I'm thinking
I started working on a tcl implementation of WebDAV. I haven't looked at
security at all.
I was thinking that SSL with Basic could be adequate security but that
solution will not work for everyone.
On Wednesday 03 April 2002 11:08 am, you wrote:
Zoran,
I just starting thinking about webDAV
To throw more fuel on the fire, I've got a Tcl-based implementation
of WebDAV that's incomplete (but semi-usable), and I'm only using
nsperm for authentication.
-- Dossy
On 2002.04.03, David Walker [EMAIL PROTECTED] wrote:
I started working on a tcl implementation of WebDAV. I haven't looked
Can I see it?
On Wednesday 03 April 2002 01:14 pm, you wrote:
To throw more fuel on the fire, I've got a Tcl-based implementation
of WebDAV that's incomplete (but semi-usable), and I'm only using
nsperm for authentication.
-- Dossy
On 2002.04.03, David Walker [EMAIL PROTECTED] wrote:
I
On 2002.04.03, David Walker [EMAIL PROTECTED] wrote:
Can I see it?
It's embarassing, but sure. :-)
Please, do NOT laugh too hard when reading the code. It
was whipped together in the span of 3 hours, using tcpdump
to sniff existing WebDAV tools (because I was too lazy to
read the spec. and
On 2002.04.03, David Walker [EMAIL PROTECTED] wrote:
No worries. I spent longer than 3 hours on mine and it doesn't even work.
It's a little prettier though. Not much.
You can see where I commented out package require xml -- I was
dreaming that I'd get far enough to do that in 3 hours ...
28 matches
Mail list logo