Published on MacDevCenter (
 See this if you're having trouble printing code examples

Serve Your iCal Calendars Using WebDAV

by Erik T. Ray

iCal has only been out a couple of weeks, and already hundreds of people are publishing their own calendars for subscription. Apple's site has a bunch of calendars for obvious things like sports events and holidays. To this set people have added ingenious things like a Space Shuttle launch schedule, this season's episodes of Buffy the Vampire Slayer, and the session schedule for the upcoming Mac OS X Conference. A whole culture is growing up around this humble iApp.

You can set up your own plot of Gregorian-space. All you need is Mac OS X 10.2, the free download of iCal, and a place to host your calendars. Apple will host it for you on your .Mac account (if you've paid the $100 annual fee). But if you're like me and you already have access to a Web server, it may seem redundant and expensive to get a .Mac account. What can you do?

The least complicated option is just to export the calendar to an .ics file and put that up on a Web site. Select File -> Export from the iCal menu and save the file. Move the file to a Web server, and you're done. To subscribe to your calendar, your buddies will have to go into iCal, select the Calendar -> Subscribe... menu option, and type the URL of your calendar file into the dialog box. iCal will happily subscribe to it and add its entries to its own.

The problem with this way is that it's a lot of work to update the calendar. iCal has a feature that allows it to update calendars automatically through a protocol called WebDAV. You just select the menu Calendar -> update, and in a few seconds the published calendar is up to date.

WebDAV stands for "Web-based Distributed Authoring and Versioning." It enables you to edit and manage files on a Web server remotely and in collaboration with others. You can read more about it at MacOS X supports WebDAV as a flavor of shared volume that you can mount through the Finder's Go -> Connect To menu command. And it's the way iCal outputs data to remote servers.

I went through the process of installing WebDAV on my server (Apache on Mac OS X 10.2). Here's how I did it:

1. Install the Apache Module mod_dav.

Download the latest mod_dav package from Look for a link containing the suffix "tar.gz." Unpack this file with gzip and tar or stuffit. In a terminal, find the directory containing the WebDAV files, and run these commands:

sudo make install

The module will be installed in the right place, along with other Apache modules. However, you need to edit the configuration file to enable it in Apache.

2. Enable WebDAV in the Apache Config File.

Apache's configuration file is /etc/httpd/httpd.conf. Before you do anything, make a backup of it, in case you screw up and have to backtrack. You can just copy it to httpd.conf.bak, for example. Now open up the file in an editor. You may have to become root to do this, by preceding the command with sudo, like this:

sudo emacs /etc/httpd/httpd.conf

Zoom down to the end of the file and add this text:

DAVLockDB /usr/share/httpd/conf/DAVLock
DAVMinTimeout 600
<Location /dav/>
  DAV On
  AuthType Basic
  AuthName "WebDAV Restricted"
  AuthUserFile /Library/WebServer/.basic_pw
  <LimitExcept GET HEAD OPTIONS>
    Require user webdav

The first line sets up a database file that WebDAV uses to track who's editing which file. It will lock a file to prevent something dangerous happening, like two people trying to update it at once. The second line tells the Web server not to wait forever if the remote computer loses connection with it. The <Location> tags set the context of the WebDAV settings to be for the directory /dav which we will set up under the document root.

The security we're using is "authtype basic" which requires a username and password to make modifications. The password will be stored in a file called /Library/WebServer/.basic_pw, and the username required is "webdav".


There is a risk to using basic authentication. The username and password are weakly encoded, so it is possible that someone could listen to your network and steal the password. A few years ago, a new authentication scheme was developed for Apache called digest authentication. This scheme uses strong encryption to protect the password.

Unfortunately, the digest authentication module that ships with Apache version 1.3 (the one that comes with Mac OS 10.2) is old and not compatible with most browsers and client software. My attempts to use it with iCal failed. There is a more recent version of the module, but it requires Apache version 2.0 which is not trivial to set up and therefore out of the scope of this article. Hopefully, Apple will upgrade Apache to a more modern version, but in the meantime, keep an eye out for an Apache v2 package that will compile on Darwin (perhaps from the Fink project).

The <LimitExcept> directive gives us some protection from malicious intent. First, it locks down all the actions that can be performed on WebDAV files except for those that are read-only. Second, it limits the write priveliges to one user named "webdav". This user will not have any other abilities on the system but to write files in this directory.

3. Set Up Directories.

First, you need to set up the realm of WebDAV documents. Based on what we put in the configuration file, this will be in a subdirectory of the document root called /dav. So go to your server's document root (it's usually /Library/WebServer/Documents) and create a new directory called dav. I chose that name because I'll remember later what it's for.

Set the permissions and ownership of this directory so that the Web server can write to it. Do this by changing the group owner to www, which the Web server belongs to:

sudo chgrp www /Library/WebServer/Documents/dav

sudo chmod 775 /Library/WebServer/Documents/dav

Next, you need to make a place for the WebDAV lock database file. For lack of a better place, I created /usr/share/httpd/conf. Again, set the permissions so the server can write files here:

sudo chgrp www /usr/share/httpd/conf
sudo chmod 775 /usr/share/httpd/conf

4. Security Measures

Apache needs to know if the iCal trying to update the calendar is legit. So we have to create a new user and password. Don't use an existing user's name and password. A malicious hacker sniffing your communications can grab that username and use it to sneak inside your system. The username we will create will be limited to WebDAV files only, which will be useless to a would-be intruder.

First, create a password file in /Library/WebServer with this command:

htpasswd -c /Library/WebServer/.basic_pw webdav

You'll be prompted for a password. Invent something secure and save it someplace safe. Make the password unique (don't use one that you use elsewhere) because of the basic authentication risk I mentioned earlier. This password, and the user webdav will be the two parameters you give to iCal to connect to your server.

5. Restart the Server.

You could reboot the machine, but it's more elegant just to give the server a kick in the rear with the kill command. Don't worry, we aren't going really kill it. The -HUP option tells it to restart itself and read its configuration file again. Find the process ID number (PID) like this:

ps -ax | grep httpd

There will be several httpd processes running, but you only have to interrupt the first one, which is the master for all the rest. The command is:

sudo kill -HUP 1234

Where 1234 is the PID of the first httpd process.

6. Publish Your Calendar.

Related Reading

Mac OS X for Unix Geeks
By Brian Jepson, Ernest E. Rothman

You can close the terminal window now, and return to the cozy graphical interface of iCal. Select the calendar you want to publish and then hit the menu command Calendar -> publish... The window that pops up will give you two options: publish on .Mac or on a Web server. Being a maverick, you will click on the second, which expands the window with more options.

For the URL, put in the full path to the calendar file on the server. The name of the file may not be exactly what you typed in for the calendar. If there are spaces, for example, they will be replaced with the number 32, which is the space character's position in the ASCII character set. You can see ahead of time what the name will be by exporting the database to a file and reading the filename.

For username, put in "webdav". The password you created back in step 4 goes in the next field. And that's it!

You can create as many calendars as you want. I have two: and

Test it out. You can subscribe to your own calendars, though you may think you're seeing double. If you have problems, check the Web server's error log in /var/log/httpd/error_log. When you're done, you'll be able to tell your friends and associates how to subscribe to your calendars and feel the respect wash over you.

Happy hacking!

Erik T. Ray is a software wrangler and XML guru for O'Reilly Media.

Return to the Mac DevCenter.

Copyright © 2009 O'Reilly Media, Inc.