I configured an apache webdav server as follow:
<VirtualHost *:443>
Protocols h2 http/1.1
ServerName webdav.internal.example.local
SSLEngine on
SSLCertificateFile /data/certs/cert.pem
SSLCertificateKeyFile /data/certs/cert.key
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLSessionTickets off
DavLockDB "/var/lib/dav/DavLock"
Alias "/shares" "/shares/"
<Directory "/shares/">
Dav On
Options +Indexes
IndexOptions Charset=UTF-8
DirectoryIndex disabled
IndexOptions FancyIndexing
IndexOptions HTMLTable
IndexOptions SuppressDescription
IndexOptions SuppressRules
IndexOptions NameWidth=*
IndexOrderDefault Ascending Name
IndexOptions IgnoreCase
IndexOptions FoldersFirst
IndexOptions VersionSort
AuthType Basic
AuthName "private area"
AuthBasicProvider PAM
AuthPAMService apache
Require valid-user
</Directory>
# These disable redirects on non-GET requests for directories that
# don't include the trailing slash (for misbehaving clients).
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^Microsoft-WebDAV-MiniRedir" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully
BrowserMatch "^gvfs" redirect-carefully
BrowserMatch "^Jakarta-Commons-VFS" redirect-carefully
</VirtualHost>
The problem is that the directories are owned by different groups. The apache web server is running with the user www-data and of course this user can't access the directories.
It is possible to configure apache that the user permissions will use the read/write permissions of the authenticated user to access the directory?.
I used also the kerberos authentication, but it hasn't worked.
