* This note is based on several instruction I found on the web,
e.g., John Manning's http://electronworks.com/dav/dav-jag.txt

At the end of this note, I added also how to use "Digest" (better) authentication.

Enabling WebDAV and publishing your iCal calendar
=================================================

This will work on a default installation of 10.2 and 10.2.1 (confirmed on 10.2.1). 

1) Make a backup copy of the Apache configuration file:
	sudo cp /etc/httpd/httpd.conf /etc/httpd/httpd.conf.org
	
2) Make the directory where you'll serve the documents from:
	cd /Library/WebServer/Documents
	sudo mkdir DAVdocs
	sudo chown www:www DAVdocs

3) Create a directory for WebDAV to store its locks and other data:
	cd /Library/Webserver/
	sudo mkdir DAVLock
	sudo chown www:www DAVLock

4) Edit httpd.conf:
	sudo vi /etc/httpd/httpd.conf

   Find these two lines:
	#LoadModule dav_module libexec/httpd/libdav.so
	#AddModule mod_dav.c

   Uncomment both (remove the "#"). 

   At the end of the file, add the following:

	#
	# Settings for WebDAV Server
	#
	#
	DAVLockDB /Library/WebServer/DAVLock/DAVLock
	<Directory "/Library/WebServer/Documents/DAVdocs/">
		DAV On
		DAVMinTimeout 600
		DAVDepthInfinity On
		
		AllowOverride None
		AuthName "WebDAV Restricted"
		AuthType Basic
		AuthUserFile /Library/WebServer/.davuser
		
  		<LimitExcept GET HEAD OPTIONS> 
    			Require user your_ID
  		</LimitExcept> 
    		Require valid-user 
	</Directory>

This sets the directory DAVdocs to be your WebDAV-enabled directory,
with Basic Authentication checking the valid users against the password file, 
/Library/WebServer/.davuser.  

With the above <LimitExcept ...>, while the others can subscribe to your calendars,
only you (your_ID) (who has write-permission) can publish changes.

AllowOverride can be set to "AuthConfig", and the authorization directives can be put 
in a .htaccess file.  See below how to use the .htaccess file.

5) Create a new user/password file:
	cd /Library/Webserver
	sudo htpasswd -c .davuser user_name

   You'll be prompted for a password, and asked to confirm it.
   To add more users to the same file, type the same "htpasswd" command without "-c".

6) Restart the webserver:
	sudo apachectl graceful

If you get any message other than "httpd gracefully restarted", something messed up. 
To restore the original Apache settings:
	sudo cp /etc/httpd/httpd.conf.org /etc/httpd/httpd.conf
	
7) Publish your iCal calendar:
   a. Run iCal.
   b. Select "Publish" from Calendar menu.
   c. Type the calendar name to be used.
   d. Click "Publish on a web server"
   e. You may need to click "Publish on a web server" and "Publish on .Mac" several
      times until you see "URL", "Login" and "Password" in the dialog box.
   f. Type URL where you publish the calendar:
	http://YourHostNameHere/DAVdocs/
   h. Type your user id and password as you specified in the .davuser file.
   i. Click "Publish".

8) To subscribe,
	Use the URL as: http://YourHostNameHere/DAVdocs/CalendarName.ics. 
   You must enable Advanced Options and enter the user id and password you set up.


Using a .htaccess file
=================================================

If you use "AllowOverride AuthConfig" instead of "AllowOverride None" in the step 4,
you can put authentication directives in .htaccess and put it in the directory you want
to protect.

1) Create a .htaccess file in the directory, /Library/WebServer/Documents/DAVdocs
   (the root of your main WebDAV directory). Put the following into the .htaccess:
	AuthName "WebDAV Restricted"
	AuthType Basic
	AuthUserFile /Library/WebServer/.davuser
	
  	<LimitExcept GET HEAD OPTIONS> 
    		Require user your_ID
  	</LimitExcept> 
    	Require valid-user 

2) Change the owner:
	sudo chown www:www /Library/WebServer/Documents/DAVdocs/.htaccess
	
By using .htaccess file, authentication rules can be changed without restarting Apache.


Using Digest Authentication
===========================

There is a risk to using "Basic" authentication, since the username and password are weakly encoded.  The new authentication scheme, "Digest" authentication uses strong encryption to protect the password.

In order to use the "Digest" authentication scheme, you need to install Apache 2.0, 
or download a recompiled "mod_auth_digest" module for Apache 1.3 (the one that comes
with Mac OS 10.2) as below.

1) Download the module "mod_auth_digest" from:
	http://mithras.homeunix.net/downloads/mod_auth_digest.so.tgz

2) Untar the module and put it in /usr/libexec/httpd

3) Add these lines to httpd.conf:
	LoadModule digest_auth_module /path/to/mod_auth_digest.so
	AddModule mod_auth_digest.c
	
4) WebDAV setting with Digest authentication in the httpd.conf is:
	#
	# Settings for WebDAV Server
	#
	#
	DAVLockDB /Library/WebServer/DAVLock/DAVLock
	<Directory /Library/WebServer/Documents/dav/billy>
		DAV On
		DAVMinTimeout 600
		DAVDepthInfinity On

		AllowOverride None
		AuthType Digest
		AuthDigestFile /Library/WebServer/.davuser
		AuthDigestDomain /DAVdocs/
		AuthName "WebDAV Restricted"

  		<LimitExcept GET HEAD OPTIONS> 
    			Require user your_ID
  		</LimitExcept> 
    		Require valid-user 
	</Directory>

5) Create a user/password file with the "htdigest" command instead of "htpasswd":
	cd /Library/Webserver
	sudo htdigest -c .davuser "WebDAV Restricted" user_id

6) Restart the webserver:
	sudo apachectl graceful