## April 18, 2005

### WebDAV

I’ve recently started using WebDAV to share files with a colleague at another University, for a joint project. Not a big deal, really. There are lots of ways to share files, including emailing them back and forth.

But the integration of WebDAV support in the MacOSX Finder is particularly nice. With a couple of mouseclicks, he can mount the shared DAV directory on his Desktop, double-click on files to open them, drag&drop files to/from his own hard drive. The Finder takes care to warn him if he attempts to overwrite a newer version of a file in the DAV directory. And the WebDAV protocol takes care of file-locking etc.

To set up a shared DAV directory, I needed to

1. Create a directory, owned by www.
2. Configure the webserver to use that directory as a DAV share
<Directory /Users/distler/Sites/[sS][oO][mM][eE][dD][iI][rR]>
DAV On
AuthType Digest
AuthDigestFile /usr/local/apache2/var/davusers
AuthDigestGroupFile /usr/local/apache2/var/davgroups
AuthDigestDomain /~distler/somedir/
AuthName "dav"
AllowOverride None
require group youcantoo
</Directory> 
3. Create a digest password for my colleague, using htdigest.
4. Add him to the appropriate group in /usr/local/apache2/var/davgroups.

Connecting to the server is as simple as hitting -K in the Finder, typing in the URL (the Finder remembers recently-accessed URLs), and entering a password (which can be stored in the Keychain).

Sweet!

Posted by distler at April 18, 2005 9:23 AM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/557

### Re: WebDAV

The right way to do this would of course be a CVS (or friends) repository: Automatic versioning and merges if possible. The only problem is, how do you convince your colleagues to learn how to use it.

Or for that matter, how do you convince some unnamed faculty member to use the computer at all. I’m now back to implementing the handwritten corrections…

PS: As more web servers are going to run with selinux, one also has to make sure that the security context of the directory allows the web server access, e.g. fedora: “chcon -t httpd_user_content_t www”

Posted by: Volker Braun on April 18, 2005 10:15 AM | Permalink | Reply to this

### Version Control

Version Control is the next frontier.

CVS is one possibility. WebDAV also has versioning in RFC 3253. I don’t know whether Apple’s implementation supports RFC 3253, but the point is moot, as mod_dav certainly doesn’t.

Posted by: Jacques Distler on April 18, 2005 11:13 AM | Permalink | PGP Sig | Reply to this

### Re: Version Control

Wow, I did not know that they already crammed versioning into WebDAV. The Apache docs make it sound like mod_dav even supports it. Maybe I should give it a try…

Apparently, one can even use subversion as a backend. If clients don’t understand the versioning extensions, the server can be configured to automatically generate new revisions.

Posted by: Volker Braun on April 18, 2005 12:45 PM | Permalink | Reply to this

### Subversion

I should have been more precise. mod_dav_fs (which is what I am using) does not support Version Control. But mod_dav_svn does.

In its simplest incarnation, a user can use mod_dav_fs as a provider for mod_dav. mod_dav_fs uses the ordinary filesystem to store files and directories, and only understands vanilla WebDAV methods, not DeltaV.

Subversion, on the other hand, uses mod_dav_svn as a provider for mod_dav. mod_dav_svn understands all WebDAV methods except LOCK, and understands a sizable subset of DeltaV methods.

Very interesting. I shall have to explore. But, given that the MacOSX Finder is very unhappy with WebDAV servers without LOCK support, not until I move to Apache 2.1.

Posted by: Jacques Distler on April 18, 2005 2:47 PM | Permalink | PGP Sig | Reply to this

### Re: WebDAV

Is this secure ? I once tried and couldn’t make it work encrypted. But that was a while ago and https support may have sneaked in…

So far I use webdav for managing/synching Bookmarks (OmniWeb) and iCal (not willing to shell out \$100 for a .Mac account, for a feature that ought to be free), and I do not much care whether this is secure or not.

Posted by: WL on April 18, 2005 2:24 PM | Permalink | Reply to this

### Security

I have (as you can see) set it up to use MD5 Digest Authentication. This is moderately secure, but certainly does not use an encrypted channel.

I haven’t tried using it over HTTPS.

Posted by: Jacques Distler on April 18, 2005 3:02 PM | Permalink | PGP Sig | Reply to this

### Re: Security

I’ve been using WebDAV over HTTPS (ie, Apache-SSL 1.3.26 with mod_dav, over a self-signed certificate) for quite some time now, and have not had “troubles”; at least so far… ;)

Posted by: Daniel Doro Ferrante on April 19, 2005 4:41 PM | Permalink | Reply to this

### Re: WebDAV

WebDav works great over HTTPS : Great solution for sharing bookmarks. OmniWeb supports synchronizing bookmarks via webDav. Or You can use iCal to share appointments.

Posted by: Lucid Information Systems on September 11, 2005 4:16 PM | Permalink | Reply to this

### Re: WebDAV

I agree with Volker, that CVS is my prefered tool to write papers with more than one author. Versioning is great but merging is even more imporant as the typical paper is just one big TeX file and passing around the “is allowed to make changes”-pumpkin process is a) errorprone and b) stops (n-1) authors from typing. And yes, it is hard to convince the co-authors to use it and to teach them to actually do something when cvs commit reports conflicts.

But that step forward is even a greater achivement than teaching people not to send TeX files by cut and paste into email but to use the ‘power user feature’ “attachment” in the mail-client as this does not introduce the inverted exclamation marks in front of all paragraphs starting with From.

Posted by: Robert on April 19, 2005 3:25 AM | Permalink | Reply to this

### Re: WebDAV

CVS is passe now. subversion is far superior to CVS *AND* can be mounted AS a WebDAV share while still maintaining the complete version history and merge states!

Posted by: Robert Cooper on April 19, 2005 4:09 PM | Permalink | Reply to this

### Re: WebDAV

No, it’s not at all secure.

Trouble is Panther doesn’t do webdav over SSL. At all.

For no good reason, as far as I can make out. Using stunnel to forward a local port to https:// on the server is a possibility, but proxying DAV is tough (you need to patch the server since DAV by default uses absolute URLs for COPYs and MOVEs).

The good news is Tiger finally fixes this, with full webdavs:// support.

Posted by: Dick Davies on April 20, 2005 4:26 AM | Permalink | Reply to this

### Tiger

Those of us using self-signed certificates will, presumably, still have a bit of a time getting Tiger’s Finder to recognize them. Hopefully, the same trick that works with Safari (and other WebCore applications) will work with Tiger’s Finder.

Anyway, I eventually hope to move to something with DeltaV support. Subversion sounds like a good bet on the back-end, though its lack of LOCK support is troublesome. I also looked at Catacomb, which compiles, but does not run under MacOSX.

On the client side, I doubt the Tiger Finder is a DeltaV client. Indeed, I’m not sure there exists a DeltaV client for MacOSX.

Posted by: Jacques Distler on April 20, 2005 9:39 AM | Permalink | PGP Sig | Reply to this

### Re: WebDAV

Have you actually verified this? I have not been successful using a WebDAV share via https (using e.g. https://test.webdav.org/dav).

Posted by: Felix on May 3, 2005 2:35 PM | Permalink | Reply to this

### Re: WebDAV

Yes.

After upgrading my iBook to Tiger and reinstalling my SSL Site Certificate, I had no trouble connecting over SSL to my WebDAV share.

Posted by: Jacques Distler on May 3, 2005 10:08 PM | Permalink | PGP Sig | Reply to this

### Re: WebDAV

THANK YOU for posting your Tiger experience with SSL and WEBDAV. I have been waiting all this time to see if Apple finally integrated the two in Finder and no one at Apple stores seems to care about my question.

Apple’s website alludes to it, but does not mention that it is integrated with the Finder.

Posted by: noone on May 5, 2005 9:37 PM | Permalink | Reply to this

### WebDAV on Tiger?

Are you actually running the server on Tiger as well or only the client? I am having serious issues with my WebDAV _server_ after ugrading it to Tiger (re-compiled httpd-2.0.54 from source with the same settings as what I sued before and what worked) but I just cannot get any file larger than 64k - all the downloads seem to be limited to a max of 64k? Since this also applies to my subversion checkouts, things are pretty much useless at the moment…

Re: Subversion and LOCK support - you might want to try and use the 1.2rc - it has LOCK support and autoversioning is supposed to work just fine with the Finder.

Posted by: Andreas on May 6, 2005 1:33 PM | Permalink | Reply to this

### Server

Are you actually running the server on Tiger as well or only the client?

Both.

I just cannot get any file larger than 64k - all the downloads seem to be limited to a max of 64k

I seem to have no trouble downloading a 158KB PDF file. I’m using mod_dav_fs, not mod_dav_svn.

I didn’t recompile the server (httpd-2.0.54), after upgrading, so I can’t comment on any problems compiling it under gcc 4.0.

Posted by: Jacques Distler on May 6, 2005 1:43 PM | Permalink | PGP Sig | Reply to this

### Re: Server

I didn’t recompile the server (httpd-2.0.54), after upgrading, so I can’t comment on any problems compiling it under gcc 4.0.

You probably should hold off on doing that then… I went back to 10.3 and everything works fine now.

Here are a few more links to people reporting problems with compiling apache and subversion on Tiger:

Posted by: Andreas Amann on May 12, 2005 4:18 PM | Permalink | Reply to this

### Re: Server

You probably should hold off on doing that then …

Too late. In an effort to get Catacomb to work (I can compile it under gcc 4.0, but the dynamic module fails to load), I recompiled and reinstalled Apache 2.0.54.

So far, I have no problem opening a 200 KB PDF file over WebDAV. Nor do I have any problem downloading the 1.5MB jpegs in my photo gallery.

I don’t know why other people are having problems, but my version of Apache, compiled with gcc 4.0, and running on Tiger, seems to work just fine.

Posted by: Jacques Distler on May 12, 2005 5:11 PM | Permalink | PGP Sig | Reply to this

### Re: Server

Just a guess - are you compiling everything statuc or as dynamic modules? Most people seem to have problem with dynamic modules (which is what I have and couldn’t get to work either)

Posted by: Andreas Amann on May 12, 2005 8:14 PM | Permalink | Reply to this

### Compilation options

./configure --with-ssl=/sw --enable-mods-shared=all \
--enable-deflate=shared --enable-ssl=shared
make
sudo make install

Posted by: Jacques Distler on May 12, 2005 8:29 PM | Permalink | PGP Sig | Reply to this

### Re: WebDAV

I tried setting up a WebDAV space through Apache 2.0 with mod_dav and mod_dav_fs and SSL. However, I hate these endless username/password quotes. I have my own Certificate Authority and handed the users their own personal signed certificate. Unfortunately there seems to be no way whatsoever to tell the Finder which certificate to use to connect to a WebDAV repository through https. I told Apache to hard check the client certificate against my own Root cert. It works with Safari/Firefox etc because you can tell them to use a certain client cert (imported through a PKCS12 .p12 file). So much for a mature SSL/TLS based implementation in the Finder for these things…

Posted by: Simon de Hartog on January 5, 2006 4:58 PM | Permalink | Reply to this

### Authentication

Hmmm… I never tried using client certificates for authentication.

If you don’t mind storing your username/password in the Keychain, you don’t have to re-enter it every time you connect the the WebDAV server.

Posted by: Jacques Distler on January 5, 2006 5:33 PM | Permalink | PGP Sig | Reply to this