Skip navigation

Recurring CalDAV login issues with iPhones and SLS (10.6 Server)

74939 Views 151 Replies Latest reply: Nov 8, 2013 7:17 AM by StephenM RSS
  • josephcorbett Calculating status...
    I had suggested that we get very noisy and contact the CEO of Apple. Apparently that's not allowed.
    MacBookPro6,2, Mac OS X (10.6.4)
  • Todd Fleisher Level 1 Level 1 (5 points)
    Luckily I have email notifications turned on for this thread. I found your rant to be hilariously classic while still making some valid points. Don't let Apple's moderation of your post deter you from making your voice heard elsewhere about this issue. My only advice would be to try and keep it more factual & less animated - that will probably garner you more respect from people like Jobs than ranting will. YMMV.
    MacBook Pro 2.93GHz Intel Core2 Duo/27" iMac 2.3GHz i3, Mac OS X (10.6.5)
  • wsanchez Calculating status...
    Hi folks, I'm sorry you're having such a big problem with this, but I thought I'd offer up an update and ask for some testing help. We think we've finally narrowed the problem down to something related to digest authentication.

    Here's how you can try to work around this: if you run an SSL-only server (please don't do this if you allow non-encrypted traffic to your server, or you will drastically lower your network security), then try disabling digest authentication and enabling basic instead.

    To do this, you'll need to edit /etc/caldavd/caldavd.plist and change the value for Authentication->Basic->Enabled to true and Authentication->Digest->Enabled to false, then restart your server.

    Back that file up before you start so you can revert if things go funny on you; a wrong config can cause your server to fail to start up at all, or cause other problems. After restarting your server, make sure it's operating properly, then wait and see if this problem persists.
  • Vermyndax Level 1 Level 1 (30 points)
    Will try this tonight... thanks W.
    Mac Pro 8-core 2.8ghz (Jan 2008), 32gb RAM, 3TB disk space, Mac OS X (10.6.4)
  • josephcorbett Level 1 Level 1 (0 points)
    I didn't say anything that wasn't based on facts, I admittedly was quite "animated". Being the go to "IT Guy" the "Sys Admin" and/or the "resident geek" when things are not working perfectly really *****. The only time people care about you or your job is when things are not working right. I've had to send out announcements to my team about this bug so they don't think I'm a complete idiot. Here is the most recent one I made.

    https://files.me.com/josephcorbett/vjx5v0

    The reality is I put my name and reputation on the line when I advise my company to use these products and right now I'm getting burnt because of it. I really just want to fix this issue.
    MacBookPro6,2, Mac OS X (10.6.4)
  • apullen Calculating status...
    Trying this right now. Thanks for looking into this!
  • josephcorbett Level 1 Level 1 (0 points)
    Fingers crossed for you guys, I'm honestly too scared to try it myself I've put my team through **** recently trying to troubleshoot this. Let us know how it goes!
    MacBookPro6,2, Mac OS X (10.6.4)
  • apullen Level 1 Level 1 (0 points)
    We have one iPhone 4 user who receives the error popup when he restarts his phone... every time. After editing the plist file suggested above, he does not get it. It will take a day or two at most to really test to make sure we aren't getting the error, maybe less if it happens again. But so far, so good!
  • josephcorbett Level 1 Level 1 (0 points)
    That is incredible news!
    MacBookPro6,2, Mac OS X (10.6.4)
  • Todd Fleisher Level 1 Level 1 (5 points)
    Trying this on mine. Since I don't know what triggers the bug I guess I'll just have to wait and see. Thanks!
    MacBook Pro 2.93GHz Intel Core2 Duo/27" iMac 2.3GHz i3, Mac OS X (10.6.5)
  • Xalio Calculating status...
    Awkwardly, I've never had this issue on my iPhone 4 with carddav.

    But my girlfriend's iPhone 3Gs has the issue and a friend's iPhone 4 too.

    I'm waiting for a solution.

    Hope Lion Server will solve the problem =P
  • OoO_Bailey_OoO Level 1 Level 1 (0 points)
    Thanks for the proposed solution.
    I'm new to this, but I just wanted to make sure I understand.

    You don't recommend turning Digest authentication off if our server allows unencrypted traffic, correct?

    If we're talking about iPhones/iPods using CalDAV, the chances are the server is exposed to unencrypted traffic unless these devices connect only over Wi-Fi, no? The majority of us would be in the position unless I'm misunderstanding something.

    I just want to understand the risks of trying this change.

    Thanks
    Mac Mini mid-2010, Mac OS X (10.6.5), Airport Extreme, iPhone iOS 4.2
  • Todd Fleisher Level 1 Level 1 (5 points)
    That's correct. By default, iCal operates on port 8008 for unencrypted traffic & port 8443 for encrypted (SSL) traffic. If you firewall off port 8008 & make sure port 8443 is open that will force users through an encrypted session to the server.

    Even if you're using 3G (as opposed to wifi) on an iPhone - sending your password in the clear using basic authentication without an encrypted connection to the server is a security exposure.
    MacBook Pro 2.93GHz Intel Core2 Duo/27" iMac 2.3GHz i3, Mac OS X (10.6.5)
  • TonyE Calculating status...
    Sadly the problem still persists after changing the plist file.

    After the change the beginning of my plist looks like:


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>AccessLogFile</key>
    <string>/var/log/caldavd/access.log</string>
    <key>AdminPrincipals</key>
    <array/>
    <key>Aliases</key>
    <dict/>
    <key>Authentication</key>
    <dict>
    <key>Basic</key>
    <dict>
    <key>Enabled</key>
    <true/>
    </dict>
    <key>Digest</key>
    <dict>
    <key>Algorithm</key>
    <string>md5</string>
    <key>Enabled</key>
    <false/>
    <key>Qop</key>
    <string></string>
    </dict>
    <key>Kerberos</key>
    <dict>
    <key>Enabled</key>
    <false/>
    <key>ServicePrincipal</key>
    <string></string>
    </dict>
    <key>Wiki</key>

    I rebooted the server. Everything ok for about two hours then asked for password again on the iphone and ipad and also get a popup from iCal on my MacBookPro.
    Mac Pro, Mac OS X (10.6.5)
  • wsanchez Level 1 Level 1 (15 points)
    Whether you use the cellular network or WiFi to get to the server isn't relevant. What matters is whether you use SSL to secure the traffic or not. You don't want to enable basic auth on a server that allows non-SSL connections, so don't enable basic unless you require SSL.
1 2 3 4 5 6 ... 11 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (5)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.