[Calendarserver-maintainers] Bug#499963: calendarserver: caldavd fails to authenticate and autocreate principal when running with NssDirectoryService
Ben Poliakoff
benp at reed.edu
Tue Sep 23 23:31:56 UTC 2008
Package: calendarserver
Version: 1.2.dfsg-6
Severity: important
I'm trying to use calendarserver's NssDirectoryService. I've configured
the service in /etc/caldavd/caldavd.plist, following the comments in the
module '/usr/share/pyshared/twistedcaldav/directory/nss.py'. I've also
configured Kerberos and SSL in /etc/caldavd/caldavd.plist.
However Apple's iCal client fails to connect to the calendarserver using
Kerberos.
iCal then displays this error message:
Account information not found:
Calendar https://host.name.here:8443/principals/user/benp/ could not
be found.
I find that my kerberos credential cache does not contain a service ticket
for the service configured in the keytab file and in 'ServicePrincipal'.
Additionally calendar server logs the following to /var/log/caldavd/error.log:
2008-09-23 16:15:03-0700 [-] [caldav-8008] [HTTPChannel,0,134.10.8.28] \
'No principal found for UID: benp'
2008-09-23 16:15:03-0700 [-] [caldav-8008] [HTTPChannel,0,134.10.8.28] \
"Attempt to create clone '/var/spool/caldavd/principals/users/benp' \
of resource <DirectoryPrincipalTypeProvisioningResource: \
/var/spool/caldavd/principals/users>"
If I run strace against caldavd while iCal tries to connect I
see this:
....snip...snip...snip...
19052 stat64("/var/spool/caldavd/principals/users", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
19052 gettimeofday({1222209205, 347026}, NULL) = 0
19052 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
19052 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
19052 write(1, " [HTTPChannel,0,134.10.8.28] \"Att"..., 192) = 192
19052 brk(0x8f3d000) = 0x8f3d000
19052 stat64("/usr/lib/python2.5/site-packages/twisted/web2/.svn/format", 0xbfbbe078) = -1 ENOENT (No such file or directory)
19052 stat64("/usr/lib/python2.5/site-packages/twisted/web2/.svn/format", 0xbfbbe078) = -1 ENOENT (No such file or directory)
19052 stat64("/usr/lib/python2.5/site-packages/twisted/web2/.svn/format", 0xbfbbe078) = -1 ENOENT (No such file or directory)
....snip...snip...snip...
...and caldavd becomes unresponsive, needing to be killed brutally with
SIGKILL.
I should note that this is being tested against a full production
kerberos realm (and other kerberos authenticated services (ldap and ssh)
are running properly on the client and the server.
Ben
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages calendarserver depends on:
ii adduser 3.110 add and remove users and groups
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii python 2.5.2-2 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
ii python-dateutil 1.4-1 powerful extensions to the standar
ii python-kerberos 1.0+svn2455-1 A GSSAPI interface module for Pyth
ii python-openssl 0.7-2 Python wrapper around the OpenSSL
ii python-pysqlite2 2.4.1-1 Python interface to SQLite 3
ii python-twisted-calendar 0.2.0.svn19773-5 Twisted components for Apple's Cal
ii python-vobject 0.6.0-1 parse iCalendar and VCards in Pyth
ii python-xattr 0.4-4 module for manipulating filesystem
ii python-xml 0.8.4-10.1 XML tools for Python
ii ssl-cert 1.0.22 simple debconf wrapper for OpenSSL
calendarserver recommends no packages.
Versions of packages calendarserver suggests:
ii python-pydirector 1.0.0-1 pure Python TCP load balancer
-- no debconf information
More information about the Calendarserver-maintainers
mailing list