Digest authentication for WebDAV?

WebDAV services work as expected using basic authentication and an ".htpasswd" file in the WebDAV directory. Putting an ".htaccess" file in the WebDAV directory to change the authentication method (i.e. "AuthType digest") and/or the location of the password file (e.g. "AuthUserFile /home/myhome/adm/passwd") does not appear to have the desired effect, and password files created using "htdigest" cause all login attempts to fail.

Have I missed something? Is there a way to implement digest authentication for for my WebDAV server, preferably using a password file located outside the WebDAV directory as I do for regular HTTP authentication?

authentication webdav

asked May 17 '11 at 22:06

tjonz
1●2

2 Answers:

oldest newest most voted

As explained in the link below, WebDAV with Basic authentication doesn't work with Windows Explorer. Digest is required, so I think this would be very helpful - at least mention this limitation in the docs. Thanks!

http://shon.org/blog/2010/03/04/howto-fix-windows-7-64bit-webdav/

answered Nov 12 '12 at 15:57

skaha
1

Ok, we'll look into adding that to our docs.

(Nov 12 '12 at 17:08) seanf ♦♦

The shared apache server is built to use basic auth only. You would have to build your own apache/webDAV stack to overcome this.

answered May 17 '11 at 23:39

johns ♦♦
3404●2●7

Thanks for the prompt reply, John. It certainly answers my question. This tidbit of information would be a useful addition to WebFaction's WebDAV docs, otherwise there's no reason to assume digest authentication is unsupported.

When you say the shared Apache instance only supports basic authentication I assume you're referring only to WebDAV; I use digest authentication for vanilla HTTP requests to the shared server without any problems. This also begs the question of whether there's a good reason digest authentication is unsupported for WebDAV requests (it is, after all, recommended in the mod_webdav docs) or whether that just happens to be the way things are.

(May 18 '11 at 14:44) tjonz

When you say the shared Apache instance only supports basic authentication I assume you're referring only to WebDAV

That's correct - when you install a WebDAV app via our control panel, it's configured for basic authentication in httpd.conf. The AuthType cannot be overridden via .htaccess.

This also begs the question of whether there's a good reason digest authentication is unsupported for WebDAV requests (it is, after all, recommended in the mod_webdav docs) or whether that just happens to be the way things are.

It's mostly just the way things are. I'll pass your questions along to our sysadmins for consideration, eg the possibility of making digest authentication an option for WebDAV apps.

(May 18 '11 at 15:38) seanf ♦♦

I'll pass your questions along to our sysadmins for consideration, eg the possibility of making digest authentication an option for WebDAV apps.

Cool. Tnx.

(May 26 '11 at 17:12) tjonz

Would be really great to have digest authentication for WebDAV, because running Baikal (CardDAV/CalDAV) would be possible

(Mar 31 at 06:17) gniemetz

Your answer

If you have an answer to the above question, then use the form below. Otherwise, use the appropriate 'add new comment' button above to post your feedback.

toggle preview

community wiki

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

authentication ×14
webdav ×10

Asked: May 17 '11 at 22:06

Seen: 1,599 times

Last updated: Mar 31 at 06:17

Digest authentication for WebDAV?

Follow this question

Got questions? We have answers!

Related questions