Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 657396

Summary: [RFE] backport of --proxy-negotiate code to allow use of kerberos auth proxy
Product: Red Hat Enterprise Linux 5 Reporter: Martin Poole <mpoole>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.5CC: amarecek, bgollahe, dapospis, jentrena, mvadkert, ovasik, prc, rbinkhor, rdassen, rvokal
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: curl-7.15.5-14.el5 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-21 06:15:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 625685, 989557    
Bug Blocks: 668957    
Attachments:
Description Flags
work in progress
none
backport of 4 upstream commits ovasik: review+

Description Martin Poole 2010-11-25 17:56:20 UTC 
>   2. What is the nature and description of the request?

The customer wants kerberos negotiation auth proxy support to be added to curl.

>   3. Why does the customer need this? (List the business requirements here)

"Users need curl to download many pages of statistics from some institutional and governments web sites. They then use these data to update a Postgresql database. Without kerberos authentication they need to save their credentials in a file with obvious security and management problems."

>   4. How would the customer like to achieve this? (List the functional requirements here)

The customer wants curl to be kerberos negotiation auth capable.

>   5. For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

1. Install and setup squid with kerberos negotiation auth.
2. curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://server.example.com

>   6. Is there already an existing RFE upstream or in Red Hat bugzilla?

Yes, although it's for RHEL6 instead of RHEL5. BZ#625685 is about the git commit 13b8fc46a3fd6b202a7f2df5f9aff4f26fe6c4db, but 015d5869d7e3daf81548e4d5d55209adfd4285bf is also required.

>   7. How quickly does this need resolved? (desired target release)

Next minor release, RHEL5.7 or sooner.

>   8. Does this request meet the RHEL Inclusion criteria (please review)

Yes.

>   9. List the affected packages

curl
Comment 12 Kamil Dudka 2011-01-03 16:45:45 UTC 
Related upstream commits:

https://github.com/bagder/curl/commit/a777eb3
https://github.com/bagder/curl/commit/dc2c70b
https://github.com/bagder/curl/commit/015d586
https://github.com/bagder/curl/commit/9e48097
https://github.com/bagder/curl/commit/13b8fc4
Comment 15 Kamil Dudka 2011-01-04 16:16:03 UTC 
(In reply to comment #12)
> https://github.com/bagder/curl/commit/9e48097

This one ^^^ is harmless but redundant since we compile without HAVE_SPNEGO.
Comment 16 RHEL Program Management 2011-01-11 20:30:47 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 17 RHEL Program Management 2011-01-11 22:25:54 UTC 
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.
Comment 18 RHEL Program Management 2011-05-31 13:23:12 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 24 Kamil Dudka 2011-09-08 12:44:47 UTC 
Created attachment 522110 [details]
backport of 4 upstream commits

I just removed 9e48097 from the patch set.  Otherwise exactly the same as the original (already tested) version.
Comment 29 errata-xmlrpc 2012-02-21 06:15:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0241.html