Context Navigation

← Previous Ticket
Next Ticket →

Opened at 2015-04-11T13:23:19Z

Last modified at 2021-03-30T18:40:19Z

#2401 new defect

authentication via proxy breaks "tahoe backup"

Reported by:	lpirl	Owned by:
Priority:	normal	Milestone:	soon
Component:	code-frontend-web	Version:	1.10.0
Keywords:	authentication wui webapi http websec	Cc:	tahoe-lafs.org@…
Launchpad Bug:

Description

Assume we have a grid with a star-like topology (maybe because you can't get all but one nodes out of their NAT).

As a result, we have one node that can be connected to and all other nodes are (indirectly) reachable through that node.

That node offers the Web API as well as the WUI.

We want to authenticate users that access the WUI as well as the Web API if they do not have a valid CAP already.

Via a Web proxy, we therefore globally add SSL and add Basic Authentication for all locations except /uri/.+.

From my understanding/observations, tahoe backup PUTs all files to / and add them to the directory afterwards.

Due to the Basic Authentication, it dies.

I'd find it desirable to be able to add authentication and to be able to use tahoe backup. This could possibly be achieved by adding Basic Authentication compatibility to the Tahoe client or to let tahoe backup PUT to an URL containing a CAP.