Bug 1025890 - content sync via authenticated proxy using digest_pw method fails
content sync via authenticated proxy using digest_pw method fails
Status: CLOSED WONTFIX
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Pulp (Show other bugs)
6.0.2
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: satellite6-bugs
Roman Plevka
: Triaged
: 1116898 (view as bug list)
Depends On: 1116898
Blocks: sat6-pulp-future 1033011 1131719
  Show dependency treegraph
 
Reported: 2013-11-01 16:20 EDT by Corey Welton
Modified: 2018-05-25 11:32 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1116898 (view as bug list)
Environment:
Last Closed: 2018-03-23 12:23:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Pulp Redmine 469 Normal CLOSED - WONTFIX content sync via authenticated proxy using digest_pw method fails 2018-03-23 12:38 EDT

  None (edit)
Description Corey Welton 2013-11-01 16:20:07 EDT
Description of problem:
When syncing through a proxy using the digest_pw method of authentication in squid, sync fails with an access denied -- despite the proxy apparently working otherwise for other traffic.  

Note that ncsa auth method seems to be ok.

Version-Release number of selected component (if applicable):
Satellite-6.0.2-RHEL-6-20131101.0

How reproducible:


Steps to Reproduce:
1.  Configure a squid proxy using digest_pw auth

COMMENT OUT ("#") the following line in /etc/squid/squid.conf to assure we're not bypassing auth.

http_access allow localnet

ADD the following lines to /etc/squid/squid.conf in the access section

auth_param digest program /usr/lib64/squid/digest_pw_auth  -c /etc/squid/passwords
auth_param digest realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

EXECUTE the following
# htdigest -c /etc/squid/passwords proxy katello
(provide password for user 'katello' twice)

RESTART squid
# service squid restart
(if you want, assure your proxy works by pointing a browser to it - you should be forced to authenticate with katello/katello username/passwd

2. katello-configure --proxy-url http://yourproxy.example.com --proxy-port 3128 --proxy-user katello --proxy-pass katello
3.  Attempt to sync repo content

Actual results:

1383336473.313      0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html
1383336495.477      0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html


Expected results:

Successful sync

Additional info:

Here's an example of the same content working with an ncsa auth method in squid

1383336589.341     66 10.16.96.134 TCP_MISS/200 1543 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml katello DIRECT/74.125.226.229 application/xml
1383336589.424     36 10.16.96.134 TCP_MISS/200 1767 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/filelists.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.448     58 10.16.96.134 TCP_MISS/200 1038 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.451     61 10.16.96.134 TCP_MISS/200 2524 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/primary.xml.gz katello DIRECT/74.125.226.229 application/xml
Comment 1 Corey Welton 2013-11-01 16:20:54 EDT
pulp-server-2.3.0-0.26.beta.el6sat.noarch
Comment 8 Brian Bouterse 2015-03-05 16:30:22 EST
*** Bug 1116898 has been marked as a duplicate of this bug. ***
Comment 9 pulp-infra@redhat.com 2015-12-22 17:01:15 EST
The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.
Comment 10 pulp-infra@redhat.com 2016-02-01 15:31:14 EST
The Pulp upstream bug status is at POST. Updating the external tracker on this bug.
Comment 11 pulp-infra@redhat.com 2016-02-02 15:01:10 EST
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.
Comment 12 pulp-infra@redhat.com 2016-02-11 15:01:23 EST
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.
Comment 13 Bryan Kearney 2016-02-15 13:23:43 EST
Should be fixed with Pulp 2.8, moving this to POST.
Comment 15 pulp-infra@redhat.com 2016-03-11 09:01:21 EST
The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.
Comment 18 Tanya Tereshchenko 2018-03-23 12:23:38 EDT
https://pulp.plan.io/issues/469#note-28
Comment 19 pulp-infra@redhat.com 2018-03-23 12:38:17 EDT
The Pulp upstream bug status is at CLOSED - WONTFIX. Updating the external tracker on this bug.

Note You need to log in before you can comment on or make changes to this bug.