-
-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow disabling auth again even with list of users (delegating authentication) #174
Comments
The README says:
Have you tried that? |
I need the list to give them access to custom path based on their username. |
This is a very interesting use case. It seems you were relying on something we had built in in version 4.2.0 and older that was designed to work out with the old plugin for Caddy (see code here). I had this code removed from version 4.3.0 since it was never meant to be used for other purposes. However, I think you have a valid point and I will see how we can best do this. I assume you're proxying the basic auth user. I see three options:
Since this "feature" was never intended to be used this way I'm a bit torn. I'm more inclined for option 2. |
Correct. I wanted to update it since I had trouble with missing files/directories, (possibly unrelated to this webdav server) and saw the breaking changes.
Here's my setup: I did this configuration a while ago and I'm not sure if everything is required, I intend to switch to kanidm, but principal is the same: check method of auth (can be other than basic) and if valid transfer request adding a header with username to backend service.
(you mean three). Option 2 is indeed the best, option 3 is impossible since password in the authorizing service are unknown (hashed). |
From the 5.0.0 release note:
My setup was using nginx to authenticate users with a LDAP server and forwarding the header X-Forwarded-For so that webdav recognize the user and give gim the right directory for him. I was using auth: false in the config of webdav.
With the latest version, I can't do this anymore since authentication is mandatory.
Please allow to again disable authentication so we can transfer the authentication to another service if we need to.
The text was updated successfully, but these errors were encountered: