oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Serve Your iCal Calendars Using WebDAV

by Erik T. Ray

iCal has only been out a couple of weeks, and already hundreds of people are publishing their own calendars for subscription. Apple's site has a bunch of calendars for obvious things like sports events and holidays. To this set people have added ingenious things like a Space Shuttle launch schedule, this season's episodes of Buffy the Vampire Slayer, and the session schedule for the upcoming Mac OS X Conference. A whole culture is growing up around this humble iApp.

You can set up your own plot of Gregorian-space. All you need is Mac OS X 10.2, the free download of iCal, and a place to host your calendars. Apple will host it for you on your .Mac account (if you've paid the $100 annual fee). But if you're like me and you already have access to a Web server, it may seem redundant and expensive to get a .Mac account. What can you do?

The least complicated option is just to export the calendar to an .ics file and put that up on a Web site. Select File -> Export from the iCal menu and save the file. Move the file to a Web server, and you're done. To subscribe to your calendar, your buddies will have to go into iCal, select the Calendar -> Subscribe... menu option, and type the URL of your calendar file into the dialog box. iCal will happily subscribe to it and add its entries to its own.

The problem with this way is that it's a lot of work to update the calendar. iCal has a feature that allows it to update calendars automatically through a protocol called WebDAV. You just select the menu Calendar -> update, and in a few seconds the published calendar is up to date.

WebDAV stands for "Web-based Distributed Authoring and Versioning." It enables you to edit and manage files on a Web server remotely and in collaboration with others. You can read more about it at MacOS X supports WebDAV as a flavor of shared volume that you can mount through the Finder's Go -> Connect To menu command. And it's the way iCal outputs data to remote servers.

I went through the process of installing WebDAV on my server (Apache on Mac OS X 10.2). Here's how I did it:

1. Install the Apache Module mod_dav.

Download the latest mod_dav package from Look for a link containing the suffix "tar.gz." Unpack this file with gzip and tar or stuffit. In a terminal, find the directory containing the WebDAV files, and run these commands:

sudo make install

The module will be installed in the right place, along with other Apache modules. However, you need to edit the configuration file to enable it in Apache.

2. Enable WebDAV in the Apache Config File.

Apache's configuration file is /etc/httpd/httpd.conf. Before you do anything, make a backup of it, in case you screw up and have to backtrack. You can just copy it to httpd.conf.bak, for example. Now open up the file in an editor. You may have to become root to do this, by preceding the command with sudo, like this:

sudo emacs /etc/httpd/httpd.conf

Zoom down to the end of the file and add this text:

DAVLockDB /usr/share/httpd/conf/DAVLock
DAVMinTimeout 600
<Location /dav/>
  DAV On
  AuthType Basic
  AuthName "WebDAV Restricted"
  AuthUserFile /Library/WebServer/.basic_pw
  <LimitExcept GET HEAD OPTIONS>
    Require user webdav

The first line sets up a database file that WebDAV uses to track who's editing which file. It will lock a file to prevent something dangerous happening, like two people trying to update it at once. The second line tells the Web server not to wait forever if the remote computer loses connection with it. The <Location> tags set the context of the WebDAV settings to be for the directory /dav which we will set up under the document root.

The security we're using is "authtype basic" which requires a username and password to make modifications. The password will be stored in a file called /Library/WebServer/.basic_pw, and the username required is "webdav".


There is a risk to using basic authentication. The username and password are weakly encoded, so it is possible that someone could listen to your network and steal the password. A few years ago, a new authentication scheme was developed for Apache called digest authentication. This scheme uses strong encryption to protect the password.

Unfortunately, the digest authentication module that ships with Apache version 1.3 (the one that comes with Mac OS 10.2) is old and not compatible with most browsers and client software. My attempts to use it with iCal failed. There is a more recent version of the module, but it requires Apache version 2.0 which is not trivial to set up and therefore out of the scope of this article. Hopefully, Apple will upgrade Apache to a more modern version, but in the meantime, keep an eye out for an Apache v2 package that will compile on Darwin (perhaps from the Fink project).

The <LimitExcept> directive gives us some protection from malicious intent. First, it locks down all the actions that can be performed on WebDAV files except for those that are read-only. Second, it limits the write priveliges to one user named "webdav". This user will not have any other abilities on the system but to write files in this directory.

Pages: 1, 2

Next Pagearrow