Project

Profile

Help

Issue #469

closed

content sync via authenticated proxy using digest_pw method fails

Added by mmccune@redhat.com almost 10 years ago. Updated almost 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version - Nectar:
Platform Release:
Target Release - Nectar:
OS:
Triaged:
Yes
Groomed:
Yes
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:
When syncing through a proxy using the digest_pw method of authentication in squid, sync fails with an access denied -- despite the proxy apparently working otherwise for other traffic.

Steps to Reproduce:
1. Configure a squid proxy using digest_pw auth

COMMENT OUT ("#") the following line in /etc/squid/squid.conf to assure we're not bypassing auth.

http_access allow localnet

ADD the following lines to /etc/squid/squid.conf in the access section

auth_param digest program /usr/lib64/squid/digest_pw_auth  -c /etc/squid/passwords
auth_param digest realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

EXECUTE the following

  1. htdigest -c /etc/squid/passwords proxy katello
    (provide password for user 'katello' twice)

RESTART squid

  1. service squid restart
    (if you want, assure your proxy works by pointing a browser to it - you should be forced to authenticate with katello/katello username/passwd

2. katello-configure --proxy-url http://yourproxy.example.com --proxy-port 3128 --proxy-user katello --proxy-pass katello
3. Attempt to sync repo content

Actual results:

1383336473.313 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html
1383336495.477 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html

Expected results:

Successful sync

Additional info:

Here's an example of the same content working with an ncsa auth method in squid

1383336589.341 66 10.16.96.134 TCP_MISS/200 1543 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml katello DIRECT/74.125.226.229 application/xml
1383336589.424 36 10.16.96.134 TCP_MISS/200 1767 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/filelists.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.448 58 10.16.96.134 TCP_MISS/200 1038 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.451 61 10.16.96.134 TCP_MISS/200 2524 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/primary.xml.gz katello DIRECT/74.125.226.229 application/xml

Also available in: Atom PDF