Open dceejay opened 9 months ago
dceejay
commented
9 months ago I "think" the issue is that there is now authorisation checks all over the place - but no way to turn them off in the config... I think there should probably be some config check around here https://github.com/tkuester/taky/blob/73116b824edef58823c0eaa0856b6e0ef2c66a75/taky/dps/__init__.py#L18
tkuester
commented
9 months ago Hey! Sorry I've been away for so long on this.
I'm trying to think of a way to provide access to this in a bit more of a fine grained way. Would you consider something like an option to allow certain IP addresses (ie: 127.0.0.1) access without providing credentials?
dceejay
commented
9 months ago Sure. But I'd also like to allow ranges eg a local subnet eg 192.168.1.*
lucasburlingham
commented
3 months ago I ran into this issue today. I think what needs to be done is that before the headers are checked, it should check to see if SSL is on or not. If it is, fine, check the headers. But if its not (like in my case), don't check the headers because we know none are to be had.
Once I get the time I'll see what I can do - this seems like it would be a simple (enough) fix given time and focus.
EDIT: I found the time, and is quite rewarding considering I need to be able to sync files from EUD's this week to save face at work, but yet another reason to use OSS. Please find my fixes in #94. For the meantime, my fork is located at thebarracksarmy/taky and I'll keep it abreast of changes here until this issue gets fixed.
Hi Tim
I'm trying to use Taky 0.9 - and All I get when try to use taky_dps with no ssl is errors like
Only the get version seems to work... What am I missing ?
the relevant part of taky.conf is
In the changelog I see mention of
DPS endpoints that don't require client certificates- where are these documented ? How would you set a device to use them if they are on a different path as my device only lets me specify the base server.