[kronolith] Kronolith / sabredav: No basic authentication headers found

Michael J Rubinsky mrubinsk at horde.org
Tue May 12 14:04:13 UTC 2015


Quoting lst_hoe02 at kwsoft.de:

> Quoting Jan Schneider <jan at horde.org>:
>
>> Quoting lst_hoe02 at kwsoft.de:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> Quoting lst_hoe02 at kwsoft.de:
>>>>
>>>>> Quoting lst_hoe02 at kwsoft.de:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> we use Horde/Kronolith for CalDAV calendar access from multiple
>>>>>> clients. In a network trace we can see that Horde refuses
>>>>>> CalDAV access with cookies set with Sabre DAV Exception and "No
>>>>>> basic authentication headers found". This led to
>>>>>> http://tuxd00d.com/blog/sabredav-no-basic-authentication-headers-were-found/
>>>>>> but the problem is said to occur only with CGI/FastCGI which we
>>>>>> don't use. We have Ubuntu 12.04 with Apache and PHP5 as module
>>>>>> with the latest Horde/Kronolith and all other is working fine.
>>>>>> Any idea how to debug/solve this?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Andreas
>>>>>
>>>>> Hm, found this in horde/.htaccess
>>>>>
>>>>> # IMPORTANT: DO NOT EDIT THIS FILE!
>>>>> # It will be overwritten with any future upgrade.
>>>>>
>>>>> allow from all
>>>>>
>>>>> <IfModule mod_rewrite.c>
>>>>> RewriteEngine On
>>>>> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>>>>> RewriteCond   %{REQUEST_FILENAME}  !-d
>>>>> RewriteCond   %{REQUEST_FILENAME}  !-f
>>>>> RewriteRule ^(.*)$ rampage.php [QSA,L]
>>>>> </IfModule>
>>>>>
>>>>>
>>>>> so the missing header should not be the problem, no?
>>>>>
>>>>> Any idea how to solve this? We have slow access because of  
>>>>> additional round trips and hundreds of unused sessions on the  
>>>>> server because of constant re-authentication.
>>>>
>>>> And *are* the headers actually missing, i.e. can those client not  
>>>> authenticate at all?
>>>>
>>>
>>> In fact they can authenticate, but they have to authenticate at  
>>> every request because the cookie is not accepted. So we have a  
>>> constant re-authentication without session reuse :-(
>>
>> This is how CalDAV works. Or almost any REST API based on HTTP  
>> authentication.
>
> Hm, ok. This led to further questions:
>
> - Why does Horde create an (expensive) session for CalDAV calls and  
> reply with a session cookie included if it is not used at all?
>
> - How to get a decent performance without doing full blown  
> authentication/session creation on every request on the server?
>
> We will start using CalDAV for a couple of users but with a single  
> Testuser doing CalDAV sync we get some hundred useless sessions on  
> the horde server already and the poor client is trying to use the  
> provided cookie on every request only to repeat it afterwards  
> because of "401 Unauthorized" reply.
>
> This could not be the way it is intended to work, no?

If CalDAV requests are truly stateless we should probably be using  
the null session driver (session_control = 'none') for those requests.


-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
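
Added example, not part of the original thread and not Horde or SabreDAV code: a stateless Basic-auth lookup that reads the credentials the quoted RewriteRule exports as HTTP_AUTHORIZATION and never consults a session cookie, which is why a cookie-only request ends in 401. The function name, user names and cookie value are constructed for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added illustration; not code from Horde, SabreDAV or this thread.
// Returns [user, password] from a $_SERVER-style array, or null when the
// request carries no usable Basic credentials. No session is started.
function basic_credentials(array $server): ?array
{
    // mod_php parses the Authorization header itself.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }
    // The quoted .htaccess copies the header into HTTP_AUTHORIZATION; after
    // an internal rewrite Apache may expose it with a REDIRECT_ prefix.
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    // Strict decoding rejects characters outside the base64 alphabet.
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Only the first colon separates user and password.
    return explode(':', $decoded, 2);
}

// Constructed sample requests (not captured traffic).
$samples = [
    'mod_php'     => ['PHP_AUTH_USER' => 'testuser', 'PHP_AUTH_PW' => 's3cret'],
    'rewrite env' => ['REDIRECT_HTTP_AUTHORIZATION' =>
                      'Basic ' . base64_encode('testuser:pa:ss')],
    'cookie only' => ['HTTP_COOKIE' => 'SESSIONID=constructed'],
    'malformed'   => ['HTTP_AUTHORIZATION' => 'Basic %%%'],
];

foreach ($samples as $name => $server) {
    $cred = basic_credentials($server);
    // A stateless endpoint answers 401 whenever credentials are absent,
    // regardless of any cookie the client sends back.
    echo $name, ': ',
        $cred === null ? '401 Unauthorized' : "credentials for {$cred[0]}",
        PHP_EOL;
}
```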