yum through a proxy with Kerberos
Ludek Finstrle
luf at pzkagis.cz
Wed Aug 11 13:02:19 CEST 2010
> % Fedora 12 i386
> %
> % $yum search cosi
> % ...
> % http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml: [Errno 14] HTTP Error 407 : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml
> %
> % Does anyone have an idea how to force Kerberos authentication on yum? Or how
> % to make it ask for a username/password?
>
> Kerberos is presumably there precisely so that it does not ask you for a
> password and uses a ticket instead, right? :)
Yes, but yum is also run as root, which means it won't necessarily have
access to my ticket. So I tried, badly, to pose the second question: whether
yum can somehow be made to ask for a username/password if the proxy requires it.
> % Storing the username/password on disk is highly unsuitable because of frequent
> % password changes (enforced by the password policy) => account lockouts.
> %
> % How do you handle this?
>
> Yum in F12 uses libcurl as its HTTP backend, which supports Kerberos, so
> I would probably start like this:
>
> Do you have a valid ticket?
> $ klist
Yep, I do:
[root na finstrle ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: finstrle na REALM
Valid starting Expires Service principal
08/11/10 08:25:03 08/11/10 18:25:07 krbtgt/REALM na REALM
renew until 08/12/10 08:25:03
> Does curl work through the proxy?
> $ curl --proxy-negotiate --user : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml
[root na finstrle ~]# http_proxy=http://proxy.localdomain:3128 curl --proxy-negotiate --user : http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml
curl: (47) Maximum (50) redirects followed
The request going over the network:
GET http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml HTTP/1.1
Authorization: Basic Og==
User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Host: download1.rpmfusion.org
Accept: */*
Proxy-Connection: Keep-Alive
Response:
HTTP/1.0 407 Proxy Authentication Required
Server: squid/3.0.STABLE25
Mime-Version: 1.0
Date: Wed, 11 Aug 2010 10:51:50 GMT
Content-Type: text/html
Content-Length: 1998
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Basic realm="Web-Proxy"
X-Cache: MISS from app-proxy01.homecredit.net
X-Cache-Lookup: NONE from app-proxy01.homecredit.net:3128
Via: 1.0 app-proxy01.homecredit.net (squid/3.0.STABLE25)
Proxy-Connection: close
And round and round it goes :o( Apparently it doesn't even attempt any negotiate ...
Thanks, I'll keep digging
Luf
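
An added example, not part of the original message: a small Python check over the request and the 407 response quoted above. It reports which schemes the proxy offered and whether the client sent any Proxy-Authorization header. The function names are made up for this illustration, and the sample headers are a trimmed copy of the capture in the post.

```python
import base64

# Constructed sample: trimmed copy of the request and 407 response quoted in the post.
REQUEST = """GET http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/repodata/repomd.xml HTTP/1.1
Authorization: Basic Og==
Host: download1.rpmfusion.org
Proxy-Connection: Keep-Alive
"""
RESPONSE = """HTTP/1.0 407 Proxy Authentication Required
Server: squid/3.0.STABLE25
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Basic realm="Web-Proxy"
Proxy-Connection: close
"""

def headers(message):
    """Return (start_line, [(lowercased name, value), ...]); repeated headers are kept."""
    lines = [l for l in message.strip().splitlines() if l.strip()]
    pairs = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return lines[0], pairs

def diagnose(request, response):
    """Compare what the proxy offered with what the client actually sent."""
    _, req = headers(request)
    status, resp = headers(response)
    offered = [v.split()[0] for n, v in resp if n == "proxy-authenticate"]
    proxy_auth = [v for n, v in req if n == "proxy-authorization"]
    origin_auth = [v for n, v in req if n == "authorization"]
    findings = []
    if status.split()[1] == "407" and not proxy_auth:
        findings.append("no Proxy-Authorization sent; proxy offers: " + ", ".join(offered))
    for value in origin_auth:
        scheme, _, blob = value.partition(" ")
        if scheme.lower() == "basic":
            # "Og==" decodes to ":", i.e. an empty user name and an empty password
            user, _, password = base64.b64decode(blob).decode().partition(":")
            if not user and not password:
                findings.append("empty Basic credentials sent to the origin server, not the proxy")
    return {"offered": offered, "proxy_auth_sent": bool(proxy_auth), "findings": findings}

if __name__ == "__main__":
    for finding in diagnose(REQUEST, RESPONSE)["findings"]:
        print(finding)
```

In curl, `--user` sets credentials for the origin server and `--proxy-user` sets them for the proxy, which matches the Authorization header seen in this capture.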