Bug 574080

Summary: YUM does not work with proxies who use NTLM
Product: Red Hat Enterprise Linux 5 Reporter: jean-francois.martinez
Component: yumAssignee: packaging-team-maint
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: low    
Version: 5.6CC: james.antill, mikhail.v.gavrilov
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-12 16:47:07 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description jean-francois.martinez 2010-03-16 10:58:35 EDT
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4

Wirsehark show that yum does not try to use NTLM authentification.  Only plain authentification

Reproducible: Always

Steps to Reproduce:
1.  Enter proxy parms in the /etc/yum/yum.conf
2.  Try to use yum
3.
Actual Results:  
Authentification fails.  Unable to use YUM to manage my platform.  No dependency solving

Expected Results:  
Cross the proxy and let me install additional components.

Since RHEL is targeted at Enterprise and NTLM-based proxies are AFAIK common place this is a critically missing feature, still more since there are distributions (eg Mandriva) who aren't targeting the enterprise and where crossing of NTLM-based proxies works out of the box.
Comment 1 Michal Ambroz 2010-08-24 15:12:06 EDT
Workaround could be to use local proxy - ntlmaps or cntlm

ntlmaps https://bugzilla.redhat.com/show_bug.cgi?id=487241
cntlm   https://bugzilla.redhat.com/show_bug.cgi?id=626862
Comment 2 jean-francois.martinez 2011-03-22 05:20:57 EDT
The proxy solution is not satisfactory:

1)  Because cntlm/ntlmaps either plainly not work or because they have huge instability/performance problems

2)  Because they are not part of the distribution
Comment 3 James Antill 2013-03-12 16:47:07 EDT
I believe this is already requested in RHEL-6 and RHEL-7, and it might get added at some point in RHEL-7 (but I wouldn't guarantee it).

This request was evaluated by Red Hat Engineering for inclusion in a Red 
Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat 
Enterprise Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in 
response to customer and partner requirements, Red Hat takes a 
conservative approach when evaluating enhancements for inclusion in 
maintenance updates for currently deployed products. The primary 
objectives of update releases are to enable new hardware platform 
support and to resolve critical defects.