calendar server on debian

> Problems,problems
> So no only can I not get calendarserver to bind to an ssl port I also
> can't get digest authentication to work, I'm seeing the error:
>
>  'Authentication failed: nonce-count is not a valid hex string: None'
>
> Is the debian package a really old version of calendarserver and
> should i build from svn?
> Thanks tom
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users@...
> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users

> plist attached, certificates are as specified
>
> li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1
> root ssl-cert 664 May  4 12:11
> /etc/ssl/certs/ssl-cert-snakeoil.pem
>
> li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1
> root ssl-cert 887 May  4 12:11
> /etc/ssl/private/ssl-cert-snakeoil.key
>
>
>
> --On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass
> <jgrotepass@...> wrote:
>
>> I got at least the http digest authentication to work with the debian
>> installation. Besides some other issues that I posted and where I still
>> working on.
>>
>> Whatever the reason might be, the caldavd.plist should give some hints.
>>
>> Jochen
>>
>> Tom Wright schrieb:
>>> Problems,problems
>>> So no only can I not get calendarserver to bind to an ssl port I also
>>> can't get digest authentication to work, I'm seeing the error:
>>>
>>>  'Authentication failed: nonce-count is not a valid hex string: None'
>>>
>>> Is the debian package a really old version of calendarserver and
>>> should i build from svn?
>>> Thanks tom
>>> _______________________________________________
>>> calendarserver-users mailing list
>>> calendarserver-users@...
>>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>>
>
>
>

> Well, maybe here are some hints:
>
> The caldavd is running under user "caldavd" on Debian. The file
> "/etc/ssl/private/ssl-cert-snakeoil.key" does not (by default) have read
> permissions to this user. So you might either add the user caldavd to
> the group ssl-cert or change the group access to caldavd.
>
> Next the authentication issue. As far as I have learned (pretty new) -
> you should *NOT* enable all authentication mechanisms together. Just set
> the digest to "true" and the rest to "false". Maybe this helps. Whereas
> I am currently starting to implement Kerberos as it seems to make more
> sense in my environment (thanks Georg Troska)...
>
> Jochen
>
> Tom Wright schrieb:
>> plist attached, certificates are as specified
>>
>> li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1
>> root ssl-cert 664 May  4 12:11
>> /etc/ssl/certs/ssl-cert-snakeoil.pem
>>
>> li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1
>> root ssl-cert 887 May  4 12:11
>> /etc/ssl/private/ssl-cert-snakeoil.key
>>
>>
>>
>> --On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass
>> <jgrotepass@...> wrote:
>>
>>> I got at least the http digest authentication to work with the debian
>>> installation. Besides some other issues that I posted and where I still
>>> working on.
>>>
>>> Whatever the reason might be, the caldavd.plist should give some hints.
>>>
>>> Jochen
>>>
>>> Tom Wright schrieb:
>>>> Problems,problems
>>>> So no only can I not get calendarserver to bind to an ssl port I also
>>>> can't get digest authentication to work, I'm seeing the error:
>>>>
>>>>  'Authentication failed: nonce-count is not a valid hex string: None'
>>>>
>>>> Is the debian package a really old version of calendarserver and
>>>> should i build from svn?
>>>> Thanks tom
>>>> _______________________________________________
>>>> calendarserver-users mailing list
>>>> calendarserver-users@...
>>>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>>>
>>
>>
>>
>

> Hmm caldavd was a member of ssl-cert so i dont think thats it.
> I've changed all the permissions to group caldavd and running caldavd
> -X gives me errors: first line of the traceback is:
> twistedcaldav.config.ConfigurationError: Can't create
> TwistdSlaveProcess without a TCP Port
>
> Also originally I did just have digest authentication enabled, setting
> basic to false still gives me this error:
> 2009-05-06 15:47:22-0400 [-] [caldav-8008]
> [HTTPChannel,0,142.20.115.27] OPTIONS /calendars/ HTTP/1.1
> 2009-05-06 15:47:22-0400 [-] [caldav-8008]
> [HTTPChannel,0,142.20.115.27] 'Authentication failed: nonce-count is
> not a valid hex string: None'
>
> I'm not finding this one a friendly package
>
> On Wed, 06 May 2009 15:36:13 -0400, Jochen Grotepass
> <jgrotepass@...> wrote:
>
>> Well, maybe here are some hints:
>>
>> The caldavd is running under user "caldavd" on Debian. The file
>> "/etc/ssl/private/ssl-cert-snakeoil.key" does not (by default) have read
>> permissions to this user. So you might either add the user caldavd to
>> the group ssl-cert or change the group access to caldavd.
>>
>> Next the authentication issue. As far as I have learned (pretty new) -
>> you should *NOT* enable all authentication mechanisms together. Just set
>> the digest to "true" and the rest to "false". Maybe this helps. Whereas
>> I am currently starting to implement Kerberos as it seems to make more
>> sense in my environment (thanks Georg Troska)...
>>
>> Jochen
>>
>> Tom Wright schrieb:
>>> plist attached, certificates are as specified
>>>
>>> li7-3:/var# ls -al /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1
>>> root ssl-cert 664 May  4 12:11
>>> /etc/ssl/certs/ssl-cert-snakeoil.pem
>>>
>>> li7-3:/var# ls -al /etc/ssl/private/ssl-cert-snakeoil.key -rw-r----- 1
>>> root ssl-cert 887 May  4 12:11
>>> /etc/ssl/private/ssl-cert-snakeoil.key
>>>
>>>
>>>
>>> --On Wednesday, May 06, 2009 09:13:11 PM +0200 Jochen Grotepass
>>> <jgrotepass@...> wrote:
>>>
>>>> I got at least the http digest authentication to work with the debian
>>>> installation. Besides some other issues that I posted and where I
>>>> still
>>>> working on.
>>>>
>>>> Whatever the reason might be, the caldavd.plist should give some
>>>> hints.
>>>>
>>>> Jochen
>>>>
>>>> Tom Wright schrieb:
>>>>> Problems,problems
>>>>> So no only can I not get calendarserver to bind to an ssl port I also
>>>>> can't get digest authentication to work, I'm seeing the error:
>>>>>
>>>>>  'Authentication failed: nonce-count is not a valid hex string: None'
>>>>>
>>>>> Is the debian package a really old version of calendarserver and
>>>>> should i build from svn?
>>>>> Thanks tom
>>>>> _______________________________________________
>>>>> calendarserver-users mailing list
>>>>> calendarserver-users@...
>>>>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>>>>
>>>
>>>
>>>
>>
>
>