sthen ba3bab1654 Patch radicale's htpasswd parser to support bcrypt passwords, from
Francisco de Borja Lopez Rio.

The htpasswd parser isn't very flexible and only normally handles one
encryption method in the file. So I've also added a patch to recognise
{SHA} from the hash string so that people using this can migrate their
file to bcrypt.

Update README with new htpasswd syntax and information about bcrypt and
migrating.

OK ian@, Sergey Bronnikov (maintainer)
2014-03-26 10:17:02 +00:00

$OpenBSD: README,v 1.5 2014/03/26 10:17:02 sthen Exp $

+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------

Radicale will run out of the box but with NO SECURITY.

There are two things you should do to enable security:
enable passwords and enable encryption.

Authentication
==============
To enable simple passwords, edit ${SYSCONFDIR}/radicale/config and change
"type = None" (i.e. passwords are not requested or checked) to
"type = htpasswd".

User password(s) may be created with htpasswd(1); e.g.
"htpasswd ${SYSCONFDIR}/radicale/users username".

As of radicale-0.8p0, the OpenBSD port of Radicale has been modified
to support bcrypt password hashes.

Previous versions required old Unix "crypt" or unsalted SHA-1 hashes
of passwords, neither of which is safe.

Users of previous versions should set "htpasswd_encryption = bcrypt"
in ${SYSCONFDIR}/radicale/config and update their saved passwords when
possible (to help with migration, existing SHA hashes stored with a
"{SHA}" prefix in the users file will still work with the new setting).
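
An added example (not part of the port or of Radicale): a Python script
that audits a users file before or after switching to
"htpasswd_encryption = bcrypt", listing entries still stored as {SHA} or
crypt and users whose unsalted hashes are identical. The function names
and the sample file are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

BCRYPT_RE = re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")
CRYPT_RE = re.compile(r"^[./A-Za-z0-9]{13}$")  # traditional DES crypt

def sha_hash(password):
    """htpasswd-style {SHA} entry: unsalted SHA-1, base64 encoded."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def classify(field):
    """Name the scheme of one hash field from its shape."""
    if BCRYPT_RE.match(field):
        return "bcrypt"
    if field.startswith("{SHA}"):
        return "sha1"
    if CRYPT_RE.match(field):
        return "crypt"
    return "unknown"

def audit(text):
    """Return (users needing migration, groups sharing a hash, bad line numbers)."""
    legacy, by_hash, bad = {}, defaultdict(list), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, field = line.partition(":")
        if not sep or not user or not field:
            bad.append(lineno)  # no "user:hash" pair on this line
            continue
        scheme = classify(field)
        if scheme != "bcrypt":
            legacy[user] = scheme
        by_hash[field].append(user)
    # Without a salt, equal passwords give equal hashes, so duplicates show up here.
    shared = [users for users in by_hash.values() if len(users) > 1]
    return legacy, shared, bad

# Constructed sample file; the bcrypt string is a placeholder of the right shape.
SAMPLE = "\n".join([
    "# constructed users file",
    "alice:$2b$10$" + "A" * 53,
    "bob:" + sha_hash("password"),
    "carol:" + sha_hash("password"),
    "dave:abcdefghijklm",
    "line with no separator",
])

if __name__ == "__main__":
    legacy, shared, bad = audit(SAMPLE)
    for user, scheme in sorted(legacy.items()):
        print(f"{user}: {scheme} entry, re-create with bcrypt")
    print("identical hashes:", shared, "malformed lines:", bad)
```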

By default all calendars may be accessed by any authenticated user.
To restrict calendars so that "/user1/calendar_name" can ONLY be
accessed by user1, also change "personal = False" to "personal = True".

For further authentication options (including deferring authentication
to an existing IMAP server), consult Radicale's documentation.

Encryption
==========
To enable encryption, you need both to change "ssl = False" to
"ssl = True" in the file "config" and to install a certificate and key in
the files named in "certificate" and "key".
Note that it does not suffice to change these variables to point
at a certificate installed in /etc/ssl because the key
file will be unreadable (/etc/ssl/private has restricted
directory permissions).
Either copy your existing key and certificate to the locations
in ${SYSCONFDIR}, owned by (and only readable by) the user _radicale,
or generate a self-signed RSA server certificate as described
in ssl(8) (but changing /etc/ssl to ${SYSCONFDIR}/radicale).