Apple's calendaring application, iCal, offers the ability to share calendars you create with others by 'publishing' them to the internet. Their hope is that most people will use their .Mac service, which offers all sorts of interesting things, one being the ability to put your calendars online for people to view or download. Many of us, however, choose not to use .Mac, Apple enthusiasts though we are, and so must use the second option Apple provides us for sharing our calendars - publishing to a WebDAV-enabled server.

The only trouble with this, of course, is finding a WebDAV-enabled server. Most ISPs won't have this option available, at least by default. Thanks to OS X's fabulous new UNIX backend, however, every OS X computer has some fabulous things installed by default, including the famous Apache web server and the mod_dav extension. So you can simply publish to your own computer, and use it as a server! All you have to do is enable WebDAV and set up the proper permissions.

First of all, realize that publishing things to your own computer means that subscribing to and/or downloading the calendar will only be as reliable as your computer's connection to the internet. If you use a dial-up connection and are offline a lot, or if you ever turn off your computer, nobody will be able to access your information at those times. As evidenced by Apple's decision to put a power button nowhere in site on the flat-panel iMacs, it seems Apple's new goal is for us to never turn our Macs off. This is a bold statement, indeed, but one that I support so long as the operating system is truly up to snuff.

At any rate, when publishing things for the world to see, you also have to be careful about only allowing the world access to the things they really need to see. While I doubt that your mother or your husband or even that nice guy at work with the mustache would ever take advantage of access to your computer to do something harmful, there are people out there who will. And yes, they can and will find your computer, using all sorts of nefarious methods. So in the information below I'll try to show how to lock up your published calendars fairly tightly. If you want to have more security, more power to you (just ask me, or preferably someone with more knowledge about this sort of thing, how). If you want less security, that's OK, but just realize what you're doing.

Finally, know that you don't have to do this if you feel uncomfortable - there are other ways to get your calendar published, even without subscribing to .Mac. Try searching Google to find services that will let you publish your calendars to their servers. As of this writing, I've heard of iCal Exchange in particular, though I can't vouch its services. Third-party developers have also made it possible to publish via other methods, such as FTP. One tool for this is iCal FTP for OS X.

First of all, note that these instructions are for the normal, client version of OS X, not OS X Server. OS X Server has a variety of different proprietary systems set up, and so many of these instructions will not work. Unfortunately, I don't have a copy of OS X Server to play with, or I would provide instructions for that system as well. With that said, on with the show.

You are enabling WebDAV, which is already installed, as an extension to the Apache web server. I don't know of a way to do this without using the Terminal, and you need an administrator account so you can edit things that apply not only to a single user, but to the whole computer (if you only have one user on your computer, this might sound confusing, but there really are good reasons for it. Luckily, you should automatically be an administrator if you only have one user).

First, open a Terminal window. If you don't know how to use the Terminal to read and edit files, read The Quick and Dirty on the Terminal and Text Editors before continuing. It explains how to set up the Terminal for easy use in OS X, and how to use it to edit text.

You will need to edit the Apache configuration file. This requires root access, for which we can use a tool called 'sudo'. If you've never used this before, be careful. Sudo can allow you to change all sorts of things you shouldn't, so after doing what I describe, close your terminal and run away, or make darn sure you know what you're doing.

Ok, so on to the instructions. Sorry to keep you waiting.

First, open the file /etc/httpd/httpd.conf using the sudo command (e.g. sudo vi /etc/httpd/httpd.conf or sudo vim /etc/httpd/httpd.conf). You should see a long file that begins by decribing itself as the Apache HTTP server configuration file. You need to search for a line which reads #LoadModule digest_module libexec/httpd/mod_digest.so. Simply delete the "#" at the beginning of the line to enable it. Next, you need to search for and remove the sharp sign for #LoadModule dav_module libexec/httpd/libdav.so, #AddModule mod_digest.c, and #AddModule mod_dav.c. (If you decide not to use Digest authentication to password-protect your calendars, you can dispense with uncommenting the mod_digest lines)

Now, search for Directory ". You should see the line <Directory "/Library/WebServer/Documents">. This is the beginning of the section that defines that directory as the home for your web server. I entered the following stuff just before that line, but you can put it practically anywhere in this file, so long as it's not contained by the wrong thing. So unless you know what you're doing and have a reason for putting things somewhere else, make sure you start typing on the line before the <Directory "/Library/WebServer/Documents"> line.

First, set up a location for the 'lockfiles' for WebDAV. This location can be most anywhere on your computer, but it shouldn't be in your web tree (it shouldn't be in /Library/WebServer/Documents). I used /Library/WebServer/davlocks/. If you don't use this directory, remember that later when I describe how to set that location up.

# CHANGES BY GREG WESTIN - Turning on WebDAV
DAVLockDB /Library/WebServer/davlocks/DAVLockDB
DAVMinTimeout 600

Next, you need to turn WebDAV on specifically for a certain location. We don't want to turn it on everywhere because, as I said before, we only want to allow the permissions necessary for our purposes. I decided to put all my iCal files in a folder called "ical" at the top of my web tree. You can choose a different name, just remember to change all the references below.

<Location /ical>
	DAV On
	AllowOverride None
	Options None

Now, you could be finished here, simply by putting in a closing </Location> tag. However, this would allow everyone unfettered access to that directory, to add, edit, and delete calendars which more appropriately should only be added and edited by you, and only read by people you give a password to. First, let's limit posting access to you. You'll need to set up a passwords file, which I'll describe later. I chose to put this file in a directory called /etc/httpd/passwords, but you can put it somewhere else if you'd like. Also, replace require user greg melissa with require user and then whatever usernames you'd like to use. You will probably only need one; I have two because my wife used to publish calendars to my computer.

	AuthType Digest
	AuthName "webdav access"
	AuthDigestFile "/etc/httpd/passwords/webdav.digest"
	<LimitExcept GET HEAD OPTIONS>
		require user greg melissa
	</LimitExcept>

Note: This setup uses so-called "Digest" authentication because it is more secure than "Basic" authentication, which sends your password in plain text. However, not all browsers can handle digest authentication. If you want to use Basic authentication, see the fourth FAQ at the bottom of this page.

Next, we want to allow any valid user in our passwords file to get things from this directory. I set up a 'guest' user, but you can set up individual users for your friends if you want, or not give anyone else access if you so choose.

	<Limit GET HEAD OPTIONS>
		require valid-user
	</Limit>
</Location> 

Ok, you should be done editing the httpd.conf file, so save and close it. If you have PHP enabled, however, or plan on enabling it, be sure to read the first FAQ on this page before finishing up with the httpd.conf file.

You're almost done. You now need to set up the aforementioned lockfile directory, ical directory, and password file, and then restart the web server.

First, the lockfile directory. Type "sudo mkdir /Library/WebServer/davlocks" and hit return to make the 'davlocks' directory. Now you need to make it 'owned' by the username that Apache uses, www. Type sudo chown www:www /Library/WebServer/davlocks.

Ok, done with that. Now let's set up the 'ical' directory. It's just like above: sudo mkdir /Library/WebServer/Documents/ical and then sudo chown www:www /Library/WebServer/Documents/ical. When you publish calendars, remember to publish to http://[your ip address or domain name]/ical, and when someone else subscribes, they use webcal://[your ip address or domain name]/ical/[calendar name].ics, both without any brackets, substituting the correct values.

Last, let's set up those passwords. For this, we use the 'htdigest' command. First, make the directory that will contain this file: sudo mkdir /etc/httpd/passwords. Next, use htdigest with the -c option to create the file (remember to substitute the username you want for 'greg'): sudo htdigest -c /etc/httpd/passwords/webdav.digest "webdav access" greg. For any other users you want to add, including a 'guest' or anonymous user, use a command like sudo htdigest /etc/httpd/passwords/webdav.digest "webdav access" guest (note the lack of the -c in this command, as we do not need to create the password file). For each of these, of course, you will be asked for a password for the given user. Note that the "AuthName" must match the second argument here.

Ok, you should be all set. Close that file, then simply type sudo apachectl graceful to restart your web server, and try it out! Remember to use the right syntax when publishing/subscribing, as iCal is picky. For me, things look like this:

In your case, you might not have your own domain name set up, and if you do, may not have the 'ical' subdomain set up. No problem. Your info might use 'www.mydomain.com' instead of 'ical.gregwestin.com', or it might use an IP address, in which case it would look something like (using a sample IP address of 140.247.145.23):

This only works, of course, if you have a fixed IP address. If you know you have one, you can find it in the 'Network' pane in your System Preferences. If you don't know, ask your provider. If you don't have a fixed IP address, check out a solution using dynamic DNS, with a service like zoneedit.com or hn.org. Also, remember to substitute the proper calendar name, capitalized if need be, for "calendar" when subscribing.

That's it! Please let me know if there are any problems with these instructions. Finally, if you want a way to be able to view these calendars online, in addition to being able to let other people subscribe to or download them, be sure to check out my hints on getting started with PHPiCalendar.

Frequently Asked Questions:

• After following these instructions, my web server won't start up! What's wrong? (The most common error usually begins with dyld: /usr/sbin/httpd Undefined symbols:)

The most likely problem is that you thought you had PHP installed, but you need to upgrade to an appropriate compile of PHP for your version of OS X. You can find these on Marc Liyanage's web site. Also, make sure the DAV module is loaded and enabled after PHP in your httpd.conf file. This means moving the Line that begins with LoadModule dav_module after the one that begins with LoadModule php4_module, and the same for the lines beginning with AddModule mod_dav.c and AddModule mod_php4.c. (I don't know if this is relevant if you are using PHP 5, which is the version in Marc's newest PHP builds. Can anyone tell me if the load order still matters?)

The other possibility I can think of is that there might be some problems with the httpd.conf file you copied from your previous installation of OS X or which came with your current version. Make sure you have this line commented out at the end of the LoadModule sequence:

#LoadModule hfs_apple_module		libexec/httpd/mod_hfs_apple.so

Also comment out the corresponding value in the AddModule sequence.

If none of that works, check your system logs, and send me the relevant lines, or post them in an Apple Discussions Forum.

• After following these instructions, I can publish the calendars with one user, but when I try to subscribe to the calendars with another user, it doesn't work. What's going on?

The most likely explanation is that you made a typo when setting up your passwords file with htdigest. You only need to use the -c flag when creating the first password; if you use -c for subsequent passwords, your file will be overwritten and you will end up with only one password in the file. To summarize, the commands you should use are (remember to substitute the user names you want to use for greg and guest):

To create the first user's password:

sudo htdigest -c /etc/httpd/passwords/webdav.digest "webdav access" greg

To create subsequent users' passwords:

sudo htdigest /etc/httpd/passwords/webdav.digest "webdav access" guest

• I want to use this server not just for calendars, but for sharing files from my computer. When I set things up, the 'guest' users (the users that should only have read permissions, not permission to write) can't connect to the server using utilities like OS X's "Connect to Server" command! What's wrong?

When connecting with this sort of program, users need access to the PROPFIND method, in addition to GET, HEAD, and OPTION. So if you want these users to be able to see a list of your files, and connect using programs like "Connect to Server," simply add PROPFIND to the list of properties in the relevant section of your httpd.conf file:

	<LimitExcept GET HEAD OPTIONS PROPFIND>
		require user greg melissa
	</LimitExcept>
	<Limit GET HEAD OPTIONS PROPFIND>
		require valid-user
	</Limit>

There may well be other methods needed to allow users to do various other things you might want to allow them to do. Since this page is focused upon WebDAV for use with Apple's iCal, however, and since I'm not an expert on WebDAV by any stretch of the imagination, I'll leave it to others to explain other such uses of WebDAV.

• How do I use Basic authentication rather than Digest?

Simply replace the three relevant httpd.conf lines above (from the "AuthType" line through the AuthDigestFile" line) with these:

	AuthType Basic
	AuthName "webdav access"
	AuthUserFile "/etc/httpd/passwords/webdav.access"

Also, you need to create a different sort of password file. Rather than using the 'htdigest' command, do the following (after creating the 'passwords' directory as described above): Use the 'htpasswd' command with the -c option to create the file (remember to substitute the username you want for 'greg'): sudo htpasswd -c /etc/httpd/passwords/webdav.access greg. For any other users you want to add, including a 'guest' or anonymous user, use a command like sudo htpasswd /etc/httpd/passwords/webdav.access guest. For each of these, of course, you will be asked for a password for the given user.