Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Seems to be using Basic Authentication scheme only #7257

Closed
cyberduck opened this issue May 17, 2013 · 7 comments
Closed

Seems to be using Basic Authentication scheme only #7257

cyberduck opened this issue May 17, 2013 · 7 comments
Assignees
@dkocher
Labels
bug thirdparty Issue caused by third party webdav WebDAV Protocol Implementation
Milestone
4.4

Comments

@cyberduck
Copy link
Collaborator

50433cf created the issue

Hello,

we recently came across a wierd problem using the latest version 4.3.1 on Windows. Server is setup like the following:

AuthName XXXXX
AuthType Digest
AuthDigestFile $DIR/access/XXXXX.password

When connecting with Cyberduck, the connection always fails with:

172.28.1.114 - - [16/May/2013:16:20:07 +0000] "HEAD /$DIR2/ HTTP/1.1" 401 0 "-" "Cyberduck/4.3.1 (11008) (Windows 7/6.1) (x86)" "-"

Though the password file looks similar to

XXXXX:XXXXX:012345678abcdef...

And the Apache error.log states

Thu May 16 16:42:35 2013] [error] client used wrong authentication scheme: Basic for /$DIR2/
[Thu May 16 16:42:35 2013] [error] [client 172.28.1.114] user XXXXX: password mismatch: /$DIR2/

I can see on various places that Cyberduck should be supporting Digest authentication, I even found a commit 4 years ago stating that exactly. But still, it seems Cyberduck is insisting on Basic Auth only.
I can successfully connect with IE - though I cannot upload files obviously, but the authentication works just fine with the same password as provided to Cyberduck.

Regards

Thomas
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Please post the transcript from the log drawer (Ctrl-L).

@cyberduck
Copy link
Collaborator Author

50433cf commented

HEAD /cyberduck/ HTTP/1.1
Host: $HOST
Connection: Keep-Alive
User-Agent: Cyberduck/4.3.1 (11008) (Windows 7/6.1) (x86)
Authorization: Basic Y3liZXJkdWNrOktZYlBJY1BVSTZ4Vlk=
HTTP/1.1 401 Authorization Required
Date: Fri, 17 May 2013 10:19:09 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e mod_perl/1.29 DAV/1.0.3
WWW-Authenticate: Digest realm="cyberduck", nonce="bdf1958b9fa1cff9adf3a5db37787fd91368785949"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
HEAD /cyberduck/ HTTP/1.1
Host: $HOST
Connection: Keep-Alive
User-Agent: Cyberduck/4.3.1 (11008) (Windows 7/6.1) (x86)
Authorization: Digest username="cyberduck", realm="cyberduck", nonce="bdf1958b9fa1cff9adf3a5db37787fd91368785949", uri="/cyberduck/", response="22ed3155d349f69e1a590596179dbf90", algorithm="MD5"
HTTP/1.1 401 Authorization Required
Date: Fri, 17 May 2013 10:19:09 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e mod_perl/1.29 DAV/1.0.3
WWW-Authenticate: Digest realm="cyberduck", nonce="bdf1958b9fa1cff9adf3a5db37787fd91368785949"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Looks fine to me. The first request uses Preemptive Basic Authentication but fails because your server requires Digest access authentication. A second request is issued with a response to the digest challenge. But it looks like the credentials are not accepted as a 401 status code is received.

@cyberduck
Copy link
Collaborator Author

50433cf commented

Many thanks for that.

Unfortunately I just don't get it. I just reset the password to something really simply and still cannot get in with Cyberduck.

When I try it with IE and/or Firefox it is all working alright, no problem. No "client used wrong authentication scheme:" turn up for these clients in the error.log.

Is there somewhere where I have to provide the "realm"?

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:5 tpreissler]:

When I try it with IE and/or Firefox it is all working alright, no problem. No "client used wrong authentication scheme:" turn up for these clients in the error.log.

This is because of the preemptive basic authentication attempt. This should however not affect in any way the second authentication attempt using digest authentication.

@cyberduck
Copy link
Collaborator Author

50433cf commented

I am sorry to be a pain.

This still doesn't explain when the server is configured to use Digest only, Cyberduck's auth request is declined from the server with a 401, whereas IE/Firefox (also using Digest and the same username/password) can get in alright.

Is it possible that the password is encoded differently?

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:7 tpreissler]:

I am sorry to be a pain.

This still doesn't explain when the server is configured to use Digest only, Cyberduck's auth request is declined from the server with a 401, whereas IE/Firefox (also using Digest and the same username/password) can get in alright.

Is it possible that the password is encoded differently?

That is correct. I have no explanation why the authentication is refused. The authorization response could be badly written by Cyberduck due to a bug, but I doubt because I cannot replicate any issues with other HTTP servers requiring digest authentication.

Therefore I presume your authentication credentials supplied are different or you are trying to access a different resource on the web server.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug thirdparty Issue caused by third party webdav WebDAV Protocol Implementation
Projects
None yet
Milestone
4.4
Development

No branches or pull requests
2 participants
@dkocher @cyberduck