1025890 – content sync via authenticated proxy using digest_pw method fails

Bug 1025890 - content sync via authenticated proxy using digest_pw method fails

Summary: content sync via authenticated proxy using digest_pw method fails

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Pulp
Sub Component:
Version:	6.0.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Roman Plevka
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1116898 (view as bug list)
Depends On:	1116898
Blocks:	sat6-pulp-future 1033011 1131719
TreeView+	depends on / blocked

Reported:	2013-11-01 20:20 UTC by Corey Welton
Modified:	2021-04-06 18:04 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1116898 (view as bug list)
Environment:
Last Closed:	2018-03-23 16:23:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Pulp Redmine	469	0	Normal	CLOSED - WONTFIX	content sync via authenticated proxy using digest_pw method fails	2018-03-23 16:38:16 UTC

Description Corey Welton 2013-11-01 20:20:07 UTC

Description of problem:
When syncing through a proxy using the digest_pw method of authentication in squid, sync fails with an access denied -- despite the proxy apparently working otherwise for other traffic.  

Note that ncsa auth method seems to be ok.

Version-Release number of selected component (if applicable):
Satellite-6.0.2-RHEL-6-20131101.0

How reproducible:


Steps to Reproduce:
1.  Configure a squid proxy using digest_pw auth

COMMENT OUT ("#") the following line in /etc/squid/squid.conf to assure we're not bypassing auth.

http_access allow localnet

ADD the following lines to /etc/squid/squid.conf in the access section

auth_param digest program /usr/lib64/squid/digest_pw_auth  -c /etc/squid/passwords
auth_param digest realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

EXECUTE the following
# htdigest -c /etc/squid/passwords proxy katello
(provide password for user 'katello' twice)

RESTART squid
# service squid restart
(if you want, assure your proxy works by pointing a browser to it - you should be forced to authenticate with katello/katello username/passwd

2. katello-configure --proxy-url http://yourproxy.example.com --proxy-port 3128 --proxy-user katello --proxy-pass katello
3.  Attempt to sync repo content

Actual results:

1383336473.313      0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html
1383336495.477      0 10.16.96.134 TCP_DENIED/407 4254 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml - NONE/- text/html


Expected results:

Successful sync

Additional info:

Here's an example of the same content working with an ncsa auth method in squid

1383336589.341     66 10.16.96.134 TCP_MISS/200 1543 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml katello DIRECT/74.125.226.229 application/xml
1383336589.424     36 10.16.96.134 TCP_MISS/200 1767 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/filelists.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.448     58 10.16.96.134 TCP_MISS/200 1038 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/other.xml.gz katello DIRECT/74.125.226.229 application/xml
1383336589.451     61 10.16.96.134 TCP_MISS/200 2524 GET http://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/primary.xml.gz katello DIRECT/74.125.226.229 application/xml

Comment 1 Corey Welton 2013-11-01 20:20:54 UTC

pulp-server-2.3.0-0.26.beta.el6sat.noarch

Comment 8 Brian Bouterse 2015-03-05 21:30:22 UTC

*** Bug 1116898 has been marked as a duplicate of this bug. ***

Comment 9 pulp-infra@redhat.com 2015-12-22 22:01:15 UTC

The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.

Comment 10 pulp-infra@redhat.com 2016-02-01 20:31:14 UTC

The Pulp upstream bug status is at POST. Updating the external tracker on this bug.

Comment 11 pulp-infra@redhat.com 2016-02-02 20:01:10 UTC

The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.

Comment 12 pulp-infra@redhat.com 2016-02-11 20:01:23 UTC

The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.

Comment 13 Bryan Kearney 2016-02-15 18:23:43 UTC

Should be fixed with Pulp 2.8, moving this to POST.

Comment 15 pulp-infra@redhat.com 2016-03-11 14:01:21 UTC

The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.

Comment 18 Tanya Tereshchenko 2018-03-23 16:23:38 UTC

https://pulp.plan.io/issues/469#note-28

Comment 19 pulp-infra@redhat.com 2018-03-23 16:38:17 UTC

The Pulp upstream bug status is at CLOSED - WONTFIX. Updating the external tracker on this bug.

Note You need to log in before you can comment on or make changes to this bug.