[kronolith] Kronolith / sabredav: No basic authentication headers found

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Tue May 12 07:59:37 UTC 2015


Quoting Jan Schneider <jan at horde.org>:

> Quoting lst_hoe02 at kwsoft.de:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> Quoting lst_hoe02 at kwsoft.de:
>>>
>>>> Quoting lst_hoe02 at kwsoft.de:
>>>>
>>>>> Hello,
>>>>>
>>>>> we use Horde/Kronolith for CalDAV calendar access from multiple
>>>>> clients. In a network trace we can see that Horde refuses CalDAV
>>>>> access with cookies set with Sabre DAV Exception and "No basic
>>>>> authentication headers found". This led to
>>>>> http://tuxd00d.com/blog/sabredav-no-basic-authentication-headers-were-found/
>>>>> but the problem is said to occur only with CGI/FastCGI, which we
>>>>> don't use. We have Ubuntu 12.04 with Apache and PHP5 as module with
>>>>> the latest Horde/Kronolith and everything else is working fine. Any
>>>>> idea how to debug/solve this?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Andreas
>>>>
>>>> Hm, found this in horde/.htaccess
>>>>
>>>> # IMPORTANT: DO NOT EDIT THIS FILE!
>>>> # It will be overwritten with any future upgrade.
>>>>
>>>> allow from all
>>>>
>>>> <IfModule mod_rewrite.c>
>>>>  RewriteEngine On
>>>>  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>>>>  RewriteCond   %{REQUEST_FILENAME}  !-d
>>>>  RewriteCond   %{REQUEST_FILENAME}  !-f
>>>>  RewriteRule ^(.*)$ rampage.php [QSA,L]
>>>> </IfModule>
>>>>
>>>>
>>>> so the missing header should not be the problem, no?
>>>>
>>>> Any idea how to solve this? We have slow access because of
>>>> additional round trips and hundreds of unused sessions on the  
>>>> server because of constant re-authentication.
>>>
>>> And *are* the headers actually missing, i.e. can those clients not
>>> authenticate at all?
>>>
>>
>> In fact they can authenticate, but they have to authenticate at  
>> every request because the cookie is not accepted. So we have a
>> constant re-authentication without session reuse :-(
>
> This is how CalDAV works. Or almost any REST API based on HTTP  
> authentication.

Hm, ok. This leads to further questions:

- Why does Horde create an (expensive) session for CalDAV calls and
reply with a session cookie included if it is not used at all?

- How to get a decent performance without doing full blown  
authentication/session creation on every request on the server?

We will start using CalDAV for a couple of users but with a single  
test user doing CalDAV sync we get some hundred useless sessions on the
horde server already and the poor client is trying to use the provided  
cookie on every request only to repeat it afterwards because of "401  
Unauthorized" reply.

This could not be the way it is intended to work, no?

Regards

Andreas
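
The pattern described in this message (cookie-only request, "401 Unauthorized", retry with Basic credentials, fresh session cookie) can be quantified from a capture. The following is an added example, not part of the original post or of Horde/SabreDAV; the trace is constructed, and the cookie name `Horde`, the `/dav/` path and the function names are assumptions.

```python
import re

# Constructed trace, not taken from the thread: "> " lines are client requests,
# "< " lines are server replies. Cookie name "Horde" and /dav/ path are assumptions.
TRACE = """\
> PROPFIND /dav/calendars/testuser/ HTTP/1.1
> Authorization: Basic dGVzdHVzZXI6eA==
< HTTP/1.1 207 Multi-Status
< Set-Cookie: Horde=sess-a; path=/
> REPORT /dav/calendars/testuser/ HTTP/1.1
> Cookie: Horde=sess-a
< HTTP/1.1 401 Unauthorized
> REPORT /dav/calendars/testuser/ HTTP/1.1
> Authorization: Basic dGVzdHVzZXI6eA==
< HTTP/1.1 207 Multi-Status
< Set-Cookie: Horde=sess-b; path=/
> GET /dav/calendars/testuser/1.ics HTTP/1.1
> Cookie: Horde=sess-b
< HTTP/1.1 401 Unauthorized
"""

def parse_exchanges(trace):
    """Group the trace into request/response exchanges with the fields we need."""
    exchanges, cur = [], None
    for line in trace.splitlines():
        low = line.lower()
        if re.match(r"> [A-Z]+ \S+ HTTP/", line):        # request line starts an exchange
            cur = {"basic": False, "cookie": None, "status": None, "new_session": None}
            exchanges.append(cur)
        elif cur is None:                                # ignore anything before it
            continue
        elif low.startswith("> authorization: basic "):
            cur["basic"] = True
        elif low.startswith("> cookie:"):
            cur["cookie"] = line.split(":", 1)[1].strip()
        elif (m := re.match(r"< HTTP/\S+ (\d{3})", line)):
            cur["status"] = int(m.group(1))
        elif low.startswith("< set-cookie:"):             # keep only name=value
            cur["new_session"] = line.split(":", 1)[1].split(";")[0].strip()
    return exchanges

def summarize(exchanges):
    """Count rejected cookie-only requests and distinct sessions the server issued."""
    return {
        "cookie_only_401": sum(1 for e in exchanges
                               if e["cookie"] and not e["basic"] and e["status"] == 401),
        "basic_ok": sum(1 for e in exchanges if e["basic"] and (e["status"] or 500) < 400),
        "sessions_issued": len({e["new_session"] for e in exchanges if e["new_session"]}),
    }
```

When `sessions_issued` equals `basic_ok` and every cookie-only request ends in 401, each successful request is creating a session that is never reused.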
