Issue #469
Updated by pcreech over 8 years ago
+++ This bug was initially created as a clone of Bug #1025890 +++ Description of problem: When syncing through a proxy using the digest_pw method of authentication in squid, sync fails with an access denied -- despite the proxy apparently working otherwise for other traffic. Note that ncsa auth method seems to be ok. Version-Release number of selected component (if applicable): Satellite-6.0.2-RHEL-6-20131101.0 How reproducible: Steps to Reproduce: 1. Configure a squid proxy using digest_pw auth COMMENT OUT ("#") the following line in /etc/squid/squid.conf to assure we're not bypassing auth. http_access allow localnet ADD the following lines to /etc/squid/squid.conf in the access section auth_param digest program /usr/lib64/squid/digest_pw_auth -c /etc/squid/passwords auth_param digest realm proxy acl authenticated proxy_auth REQUIRED http_access allow authenticated EXECUTE the following # htdigest -c /etc/squid/passwords proxy katello (provide password for user 'katello' twice) RESTART squid # service squid restart (if you want, assure your proxy works by pointing a browser to it - you should be forced to authenticate with katello/katello username/passwd 2. katello-configure --proxy-url http://yourproxy.example.com --proxy-port 3128 --proxy-user katello --proxy-pass katello 3. Attempt to sync repo content Actual results: 1383336473.313 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html 1383336495.477 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html Expected results: Successful sync Additional info: Here's an example of the same content working with an ncsa auth method in squid 1383336589.341 66 10.16.96.134 TCP_MISS/200 1543 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml katello DIRECT/74.125.226.229 application/xml 1383336589.424 36 10.16.96.134 TCP_MISS/200 1767 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/filelists.xml.gz katello DIRECT/74.125.226.229 application/xml 1383336589.448 58 10.16.96.134 TCP_MISS/200 1038 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz katello DIRECT/74.125.226.229 application/xml 1383336589.451 61 10.16.96.134 TCP_MISS/200 2524 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/primary.xml.gz katello DIRECT/74.125.226.229 application/xml --- Additional comment from Corey Welton on 2013-11-01 16:20:54 EDT --- pulp-server-2.3.0-0.26.beta.el6sat.noarch --- Additional comment from RHEL Product and Program Management on 2013-11-01 16:27:00 EDT --- Since this issue was entered in Red Hat Bugzilla, the pm_ack has been set to + automatically for the next planned release --- Additional comment from RHEL Product and Program Management on 2014-01-27 09:52:21 EST --- This bug report previously had all acks and release flag approved. However since at least one of its acks has been changed, the release flag has been reset to ? by the bugbot (pm-rhel). The ack needs to become approved before the release flag can become approved again. --- Additional comment from RHEL Product and Program Management on 2014-01-27 10:48:36 EST --- Since this issue was entered in Red Hat Bugzilla, the pm_ack has been set to + automatically for the next planned release + This bug was cloned from "Bugzilla Bug #1116898":https://bugzilla.redhat.com/show_bug.cgi?id=1116898 +