Really Tried to get WebDAV Working on Mac OS X 10.4 (Tiger)
With all the interest in using WebDAV as a network storage protocol for things like dotMac and applications like Skitch, I wondered if it would be possible to get WebDAV working on my older Mac server sitting in my office at home. I have heard it's easy if you have 10.5 (Leopard) but I'm not really ready for that, and it was more for the interest of getting it going on the server and not for any real pressing need. If I had a pressing need, then I'd have it going on Leopard, as it's got everything ready to go. This was going to be interesting.
What I found was that there was a lot of people looking into this in the pre-10.5 days, and it wasn't really all that successful in the general sense. Several folks reported they got something working, but they had to disable all the security measures (like encrypted passwords) and that was simply unacceptable to me.
But I got it close working. The WebDAV service was running in the stock Apache from Apple, and I could get it to authenticate with security, and I even saw the files in the root of the WebDAV service. The problem was that I could not do anything with them. I ended up with complete WebDAV functionality.
I could not read them, or update them, or save files... it was like only a limited subset of the functionality I needed was in the WebDAV client that shipped with 10.4.x. And to that I guess I'm not terribly surprised. It would have been really nice, but I'm not surprised that in order to have this really work I'm going to have to be working with Apache2 and the WebDAV module there. [Really, it turned out to be a configuration problem that I really needed to look at the Apache logs to figure out. There was also a configuration problem on the client I was using (Cyberduck) and I needed to figure out the server before I could figure out the client. But I got both.]
But on the off-chance it's possible to get this finished, here's what I did. First, you need to edit the /etc/httpd/httpd.conf and where you see the lines:
... #LoadModule digest_module libexec/httpd/mod_digest.so ... #LoadModule dav_module libexec/httpd/libdav.so ... #AddModule mod_digest.c ... #AddModule mod_dav.c ...
edit them to remove the comments so that they become:
... LoadModule digest_module libexec/httpd/mod_digest.so ... LoadModule dav_module libexec/httpd/libdav.so ... AddModule mod_digest.c ... AddModule mod_dav.c ...
then, after the block of config that looks like this:
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.php
</IfModule>
add in the configuration for the WebDAV server component:
#
# This is for WebDAV
#
<IfModule mod_dav.c>
DAVLockDB /Library/WebServer/WebDAV/Dav_lock
Alias /webdav /usr/local/davroot
DavMinTimeout 600
<Directory /usr/local/davroot>
Dav On
AllowOverride None
Options FollowSymLinks Indexes
AuthType Digest
AuthDigestFile /Library/WebServer/WebDAV.passwd
AuthName "frosty"
<LimitExcept GET HEAD OPTIONS>
require user drbob
</LimitExcept>
<Limit GET HEAD OPTIONS>
require valid-user
</Limit>
</Directory>
</IfModule>
This ends the editing of the /etc/httpd/httpd.conf file, so you can save it. What will become important later is the location of the directories and files, and the AuthName as that will be used in the password creation command, below.
At this point, it's time to make the location of the 'root' of the WebDAV server. I've chose to hang it off /usr/local, but you can put it anywhere:
cd /usr/local sudo mkdir davroot sudo chown -R www:www davroot
and we also need to make a place for the lock file:
cd /Library/WebServer sudo mkdir WebDAV sudo touch WebDAV/Dav_lock sudo chown -R www:www WebDAV
We're getting close. The next thing to do is to create the password file for the user(s) mentioned in the configuration, above. The AuthName is used here, as is the user drbob as it appears above. To make the password file:
sudo htdigest -c WebDAV.passwd frosty drbob
Finally, we're ready to restart Apache:
sudo apachectl graceful
At this time, on Mac OS X 10.4.x (Tiger), the user will be able to login securely to the URL http://machine/webdav/, and they will be able to see the contents of /usr/local/davroot but they will not be able to save things there, nor will they [and] be able to see, modify, or [and] use anything that they see. It's almost like the initial protocol is supported, but the more advanced stuff the clients have updated, but the server has not. [Everything works as advertised.]
Like I said... if it gets serious, I'll put this on my Leopard box and be done with it. But there's nothing pushing me right now, and I may come back to this and try to see what I need to do to fix it. Hard to tell. But that's what I've done.
UPDATE: Holy Cow! I decided to look at the Apache error and access logs and I figured out the problem. The Alias line above needed to not have the trailing slashes and they needed to match. I removed it from the first argument and restarted and all of a sudden, things started working! I'm amazed. Transmit works, Safari works, the Finder works... everything seems to work just fine. I need to set up SSL on frosty, but that should be pretty easy and when that's done I'll have a secure channel to my home WebDAV! How cool is that?!
Cyberduck still tries to assume it's using Basic authentication, and I can see that, it's not trying Digest, but the WebDAV server understands that and deals with it nicely. It's amazing. Wow.