On 8/26/13, Feuermurmel <[email protected]> wrote: > Hi Simon > > On Wednesday, February 15, 2012 7:58:14 PM UTC+1, osimons wrote: >> >> There is no problem using the RPC plugin with digest auth - or any >> particular other auth for that matter. The RPC plugin just uses what >> it gets from Trac, and if Trac can authenticate then the plugin is >> fine with that. >> >> The real problem is that CLIENTS generally don't support digest auth, >> or any other particular auth mechanism other than lowest common >> denominator: Basic Authentication. So something like Python xmlrpclib >> only supports Basic auth. However, if you were to build a custom >> client that provides its own authentication handlers, all should be >> fine. Other clients for other platforms like Java, .Net or whatever >> may support further mechanisms - including Digest. I don't know. But >> in the end it all depends on the client. >> >> If you configure a project with digest auth, you should have no >> problem using curl to make authenticated calls to a Trac /rpc handler. >> "man curl" for all details of curl options... :-) >> > > Are you sure?
I do (and I'm sure of the fact that osimons will) . I use this on a regular basis , but requires the correct config ; might br tricky . > I'm not getting the XMLRPC interface to work using curl and > digest authentication: > What other plugins have you deployed ? There are a number of interactions that can make this fails , especially if you are using AccountManagerPlugin together with server (e.g. apache2) digest auth handlers then check this out http://trac-hacks.org/wiki/XmlRpcPlugin#ProblemswhenAccountManagerPluginisenabled > $ curl --data '<?xml > version="1.0"?><methodCall><methodName>wiki.getPage</methodName><params><param><value><string>SandBox</string></value></param></params></methodCall>' > > --header 'Content-Type: text/xml' --digest --user "$user:$password" > --dump-header - 'http://localhost:8080/login/xmlrpc' [...] > > It seems that the XmlRpcPlugin will return a 200 OK status code even if > authentication is required. Actually what (I think that) is happening there is that user authentication succeeded but Trac did not not detect the REMOTE_USER , thus falling back to anonymous login . > Shouldn't it send a different status code so > curl known that it should send the authentication data to the server? > It should ... - What's the HTTP server ? - Digest auth is enabled , what about anonymous access ? * If there's anonymous access to /login/... is forbidden then you'll get expeted HTTP error status . - Have you tried using an invalid password or non-existent user ? [...] -- Regards, Olemis - @olemislc Apacheā¢ Bloodhound contributor http://issues.apache.org/bloodhound http://blood-hound.net Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article: -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/groups/opt_out.
