yum through a proxy with Kerberos

Ludek Finstrle luf at pzkagis.cz
Wed Aug 11 13:02:19 CEST 2010


> % Fedora 12 i386
> % 
> % $yum search cosi
> % ...
> % http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml: [Errno 14] HTTP Error 407 : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml
> % 
> % Does anyone have an idea how to force Kerberos authentication on yum? Or
> % make it ask for the username/password?
> 
> Kerberos is there precisely so that it does not ask you for a password and
> uses a ticket instead, isn't it? :)

Yes, but yum is also run as root, which means it won't exactly have
access to my ticket. So I tried, poorly, to pose the 2nd question: whether
yum can somehow be made to ask for a name/password if the proxy requires it.

> % Storing the name/password on disk is highly unsuitable because of frequent
> % password changes (enforced by the password policy) => account lockouts.
> % 
> % How do you handle this?
> 
> Yum in F12 uses libcurl as its HTTP backend, which supports Kerberos, so
> I would probably start like this:
> 
> Do you have a valid ticket?
>    $ klist

Yep, I do:

[root na finstrle ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: finstrle na REALM

Valid starting     Expires            Service principal
08/11/10 08:25:03  08/11/10 18:25:07  krbtgt/REALM na REALM
	renew until 08/12/10 08:25:03


> Does curl work through the proxy?
>    $ curl --proxy-negotiate --user : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml

[root na finstrle ~]# http_proxy=http://proxy.localdomain:3128 curl --proxy-negotiate --user : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml
curl: (47) Maximum (50) redirects followed

The request going over the network:
GET http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml HTTP/1.1
Authorization: Basic Og==
User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Host: download1.rpmfusion.org
Accept: */*
Proxy-Connection: Keep-Alive

Response:
HTTP/1.0 407 Proxy Authentication Required
Server: squid/3.0.STABLE25
Mime-Version: 1.0
Date: Wed, 11 Aug 2010 10:51:50 GMT
Content-Type: text/html
Content-Length: 1998
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Basic realm="Web-Proxy"
X-Cache: MISS from app-proxy01.homecredit.net
X-Cache-Lookup: NONE from app-proxy01.homecredit.net:3128
Via: 1.0 app-proxy01.homecredit.net (squid/3.0.STABLE25)
Proxy-Connection: close

And so on, round and round :o( Evidently it does not even attempt any negotiate ...

Thanks, I'll keep digging

Luf
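
Added example, not part of the original post: a small Python check that reads the captured request and 407 response above and reports which schemes the proxy offered against which credential headers the client actually put on the wire. The function names are hypothetical, and the capture is copied from the post with unrelated headers trimmed.

```python
import base64

# Captured on the wire in the post above (headers trimmed to the relevant ones).
REQUEST = """\
GET http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml HTTP/1.1
Authorization: Basic Og==
Host: download1.rpmfusion.org
Proxy-Connection: Keep-Alive
"""
RESPONSE = """\
HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Basic realm="Web-Proxy"
Proxy-Connection: close
"""

def headers(message):
    """Return (start_line, [(lower-cased name, value), ...]); repeated headers are kept."""
    lines = message.strip().splitlines()
    pairs = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return lines[0], pairs

def decode_basic(value):
    """Decode 'Basic <base64>' into 'user:password'; None for any other scheme."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    return base64.b64decode(blob.strip()).decode("utf-8", "replace")

def diagnose(request, response):
    """Compare what the proxy asked for with what the client actually sent."""
    status_line, resp = headers(response)
    _, req = headers(request)
    sent = dict(req)
    origin = sent.get("authorization")
    proxy = sent.get("proxy-authorization")
    return {
        "status": int(status_line.split()[1]),
        "offered": [v.split()[0] for n, v in resp if n == "proxy-authenticate"],
        "proxy_auth_sent": proxy.split()[0] if proxy else None,
        "origin_auth_sent": origin.split()[0] if origin else None,
        "origin_basic_decoded": decode_basic(origin) if origin else None,
    }

if __name__ == "__main__":
    for key, value in diagnose(REQUEST, RESPONSE).items():
        print(f"{key}: {value!r}")
```

On this capture the proxy offers Negotiate and Basic, the request carries no `Proxy-Authorization` header at all, and the `Authorization: Basic Og==` header decodes to a bare `:`, the empty name and password from `--user :`. In curl, `--user` fills the origin-server `Authorization` header, while `--proxy-user` is the option that supplies credentials to the proxy.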


