+++ This bug was initially created as a clone of Bug #1025890 +++
Description of problem:
When syncing through a proxy using the digest_pw method of authentication in squid, sync fails with an access denied -- despite the proxy apparently working otherwise for other traffic.
Note that ncsa auth method seems to be ok.
Version-Release number of selected component (if applicable):
Satellite-6.0.2-RHEL-6-20131101.0
How reproducible:
Steps to Reproduce:
1. Configure a squid proxy using digest_pw auth
COMMENT OUT ("#") the following line in /etc/squid/squid.conf to assure we're not bypassing auth.
http_access allow localnet
ADD the following lines to /etc/squid/squid.conf in the access section
auth_param digest program /usr/lib64/squid/digest_pw_auth -c /etc/squid/passwords
auth_param digest realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
EXECUTE the following
# htdigest -c /etc/squid/passwords proxy katello
(provide password for user 'katello' twice)
RESTART squid
# service squid restart
(if you want, assure your proxy works by pointing a browser to it - you should be forced to authenticate with katello/katello username/passwd
2. katello-configure --proxy-url http://yourproxy.example.com --proxy-port 3128 --proxy-user katello --proxy-pass katello
3. Attempt to sync repo content
Actual results:
1383336473.313 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html
1383336495.477 0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html
Expected results:
Successful sync
Additional info:
Here's an example of the same content working with an ncsa auth method in squid
1383336589.341 66 10.16.96.134 TCP_MISS/200 1543 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml katello DIRECT/74.125.226.229 application/xml
1383336589.424 36 10.16.96.134 TCP_MISS/200 1767 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/filelists.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.448 58 10.16.96.134 TCP_MISS/200 1038 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.451 61 10.16.96.134 TCP_MISS/200 2524 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/primary.xml.gz katello DIRECT/74.125.226.229 application/xml
--- Additional comment from Corey Welton on 2013-11-01 16:20:54 EDT ---
pulp-server-2.3.0-0.26.beta.el6sat.noarch
--- Additional comment from RHEL Product and Program Management on 2013-11-01 16:27:00 EDT ---
Since this issue was entered in Red Hat Bugzilla, the pm_ack has been
set to + automatically for the next planned release
--- Additional comment from RHEL Product and Program Management on 2014-01-27 09:52:21 EST ---
This bug report previously had all acks and release flag approved.
However since at least one of its acks has been changed, the
release flag has been reset to ? by the bugbot (pm-rhel). The
ack needs to become approved before the release flag can become
approved again.
--- Additional comment from RHEL Product and Program Management on 2014-01-27 10:48:36 EST ---
Since this issue was entered in Red Hat Bugzilla, the pm_ack has been
set to + automatically for the next planned release