[Cyberduck-trac] [Cyberduck] #7163: Support of authentication cookies
Cyberduck
trac at trac.cyberduck.ch
Tue Apr 16 12:37:49 UTC 2013
#7163: Support of authentication cookies
-------------------------+---------------------------
Reporter: elgo | Owner: dkocher
Type: enhancement | Status: closed
Priority: normal | Milestone: 4.3
Component: webdav | Version: 4.2.1
Severity: critical | Resolution: worksforme
Keywords: | Architecture:
Platform: |
-------------------------+---------------------------
Comment (by elgo):
Ok, I gathered some more data, and I can confirm than "it works" out of
the box I connect directly into the directory protected (/secure).
But I I first connect to the parent unprotected directory (/), then going
into the protected directory fails. It seems to replicate the problem
encoutered with usual browsers that "use" the credentials (so the OTP) on
prefetching some files (like index.* or favicon. Cyberduck looks for a
favicon too) but doesn't retain the cookie they got at these steps. Then
OTP is not valid anymore.
See: http://freeradius.org/mod_auth_radius/README at "Some warnings".
Logs:
{{{
HEAD / HTTP/1.1
Host: 10.163.4.168
Connection: Keep-Alive
User-Agent: Cyberduck/4.3 (Mac OS X/10.6.8) (i386)
Authorization: Basic
ZmxvcmVudC5kdXRoZWlsOkhBaTFjaGlvdDRjZXRkdm5sbmhodmt2ZHVpcmVqamd0dmNmdHZoZW5ldmVsbHVyZnRqbmZkaw==
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 12:34:13 GMT
Server: Apache/2.2.14 (Ubuntu)
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
PROPFIND / HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 10.163.4.168
Connection: Keep-Alive
User-Agent: Cyberduck/4.3 (Mac OS X/10.6.8) (i386)
Authorization: Basic
ZmxvcmVudC5kdXRoZWlsOkhBaTFjaGlvdDRjZXRkdm5sbmhodmt2ZHVpcmVqamd0dmNmdHZoZW5ldmVsbHVyZnRqbmZkaw==
HTTP/1.1 207 Multi-Status
Date: Tue, 16 Apr 2013 12:34:14 GMT
Server: Apache/2.2.14 (Ubuntu)
Content-Length: 2652
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/xml; charset="utf-8"
PROPFIND /secure/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 10.163.4.168
Connection: Keep-Alive
User-Agent: Cyberduck/4.3 (Mac OS X/10.6.8) (i386)
Authorization: Basic
ZmxvcmVudC5kdXRoZWlsOkhBaTFjaGlvdDRjZXRkdm5sbmhodmt2ZHVpcmVqamd0dmNmdHZoZW5ldmVsbHVyZnRqbmZkaw==
HTTP/1.1 401 Authorization Required
Date: Tue, 16 Apr 2013 12:34:18 GMT
Server: Apache/2.2.14 (Ubuntu)
WWW-Authenticate: Basic realm="RADIUS authentication for localhost"
Content-Length: 479
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
}}}
--
Ticket URL: <http://trac.cyberduck.ch/ticket/7163#comment:3>
Cyberduck <http://cyberduck.ch>
Open source FTP, SFTP, WebDAV, Cloud Files, Google Docs & Amazon S3 Browser for Mac & Windows.
More information about the Cyberduck-trac
mailing list