New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support of authentication cookies #7163
Comments
Ok, I gathered some more data, and I can confirm than "it works" out of the box I connect directly into the directory protected (/secure). But I I first connect to the parent unprotected directory (/), then going into the protected directory fails. It seems to replicate the problem encoutered with usual browsers that "use" the credentials (so the OTP) on prefetching some files (like index.* or favicon. Cyberduck looks for a favicon too) but doesn't retain the cookie they got at these steps. Then OTP is not valid anymore. Logs:
|
Hi,
I'm hitting some no-go in the painful way of getting up an interesting setup: I want to secure access to a webdav using token/One Time Passwords.
The server side is already "working" (apache/mod_dav/mod_radius/freeradius & token backend).
But in general, webdav clients (that aren't internet browsers. IE is fine for example) and cyberduck especially cache login/pwd and reuse them each request they do... Problem is they won't use the authentication cookie that may be (and is in my setup) set by the dav server.
So the client keep asking for a password each time it does a request (because OTP is only valid once... of course).
So, is there a chance to see this feature "cookie support" in cyberduck any time? (soon, of course ;)).
That would be a great deal for cyberduck, because there is no opensource fullfeatured webdav client supporting cookies so far, only the python dav libs do.
Oh, and neither win7 or macOSX native webdav clients (didn't test kde one) support them either, so there is a spot.
The text was updated successfully, but these errors were encountered: