15.1 Planning Your WebDAV Implementation

15.1.1 Understanding the Different Types of WebDAV Authentication Methods

Novell Filr supports the following WebDAV authentication methods:

  • Basic Authentication: The user name and password are encoded with the Base64 algorithm. The Base64-encoded string is unsafe if transmitted over HTTP, and therefore should be combined with SSL/TLS (HTTPS).

    For more information, see Choosing Basic Authentication.

    If you plan to use Basic authentication over a non-secure connection (HTTP), you need to modify the registry on each Windows 7 client workstation, as described in Section 15.5, Allowing Basic Authentication over an HTTP Connection on Windows 7. The registry modification allows users to use WebDAV with Microsoft Office 2007. However, Microsoft Office 2010 is not supported.

  • Digest Authentication: Applies MD5 cryptographic, one-way hashing with nonce values to a password before sending it over the network. This option is more safe than Basic Authentication when used over HTTP.

    For more information, see Choosing Digest Authentication.

15.1.2 Using WebDAV When Filr Is Fronted by NetIQ Access Manager

If your Filr system is fronted by NetIQ Access Manager, you must use the designated WebDAV authentication method:

Product Fronting Filr

Designated Authentication Method

NetIQ Access Manager

If your Filr installation is fronted by NetIQ Access Manager, as described in Section 1.8, Changing Reverse Proxy Configuration Settings, you must use basic authentication for your WebDAV implementation.

During the Filr appliance configuration, select basic when configuring WebDAV, as described in Section 1.12, Changing WebDAV Authentication Configuration Settings.

15.1.3 Meeting Filr Certificate Requirements on Windows 7

If you are using WebDAV functionality (Edit-in-Place) with Filr on Windows 7 with a secure (HTTPS) connection, ensure that the Filr server certificate requirements are met. If all of the requirements are not met, various Windows 7 services fail.

Filr server certificate requirements:

  • You must use a trusted server certificate that is accepted by Windows 7. This server certificate must be signed by a trusted certificate authority (CA) such as VeriSign or Equifax.

    NOTE:You can use a self-signed certificate only if the certificate is imported into the Trusted Root Certification Authorities store on each Windows 7 client computer.

  • The trusted server certificate must be issued to a name that exactly matches the domain name of the URL that you are using it for. This means that it must match the URL of your Filr site.

  • The date range for the trusted server certificate must be valid. You cannot use an expired server certificate.

  • The Windows 7 system must be adjusted to enable FIPS-compliant algorithms for encryption, hashing, and signing, unless you are using Novell Access Manager 4.1.1.

    1. From the Start menu, type Local Security Policy, then press Enter.

    2. Expand Local Policies, then select Security Options.

    3. Enable the following setting:

      System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

15.1.4 Using OpenOffice as Your Document Editor for WebDAV

If your environment does not require the use of Microsoft Office, you might consider migrating users to OpenOffice 3.1 or later as their document editor. Using OpenOffice 3.1 or later provides seamless integration between the WebDAV server and Filr, regardless of which operating system is being used.