Hi Dariush,
On 04 May 2014, at 21:03, Dariush Forouher dariush@forouher.de wrote:
Hi!
I'm using apache basic_auth on my webserver that runs Davical and caldavzap/mate.
While caldavzap doesn't seem to be negatively affected by basic_auth, unfortunately it doesn't take advantage of it either. In theory it could skip the login screen and jump right into the calendar. Instead one has to enter his credentials again.
no, basic auth is not related to "fast login" or anything similar. Basic auth = authentication where your username and password is send in the request header without encryption. Another authentication is the Digest auth which uses multiple request/responses and sends your password in hashed form.
There is no real reason to use Digest auth because if you really want to secure your data then you need to use SSL/TLS (and then you can send the authentication information without additional encryption).
For more information see: https://www.ietf.org/rfc/rfc2617.txt
"/auth/" shows that caldavzap correctly receives username/password from the webserver (even when not "logged in" in caldavzap).
No, the auth module cannot return the username/password if you are not logged in. You very probably entered your username + password into the browser authentication window and saved them. Then if you open the /auth/ URL your browser sends the username + password automatically.
Is there a way to make caldavzap (and *mate) to skip the login-screen in such a setup?
It looks like you don't understand the reason why the auth module exists. The MAIN reason is to prevent the browser to show the auth popup if you enter invalid username/password into the login windows (because this problem is no solvable in pure JavaScript).
For more information check the section 6.) at:
https://www.inf-it.com/caldavzap/readme.txt
JM
cheers Dariush