[Bug 809859] New: konqueror (kio_http) does not support authentication via "negotiation" scheme
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c0 Summary: konqueror (kio_http) does not support authentication via "negotiation" scheme Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: KDE4 Workspace AssignedTo: kde-maintainers@suse.de ReportedBy: thomas.krekler@xilicon.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 konqueror does not authenticate with a valid kerberos ticket whearas firefox does when requested by a website or a proxy server. Reproducible: Always Steps to Reproduce: 1. 2. 3. debug delivers the following output for proxy authentication: kio_http(8711)/kio_http_debug HTTPProtocol::readResponseHeader: -- full response: "HTTP/1.0 407 Proxy Authentication Required^M Server: squid/3.1.12^M Mime-Version: 1.0^M Date: Sun, 17 Mar 2013 13:52:44 GMT^M Content-Type: text/html^M Content-Length: 3821^M X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0^M Vary: Accept-Language^M Content-Language: de^M Proxy-Authenticate: Negotiate^M Proxy-Authenticate: Basic realm="Internet Access"^M X-Cache: MISS from *********^M X-Cache-Lookup: NONE from *********:3128^M Via: 1.0 ******** (squid/3.1.12)^M Connection: keep-alive" kio_http(8711)/kio_http_debug HTTPProtocol::readResponseHeader: Content-type: "text/html" kio_http(8711)/kio_http_debug HTTPProtocol::handleAuthenticationHeader: Trying authentication scheme: "Basic" Though "negotiate" was offered as a first choice, konqueror ignores it an selects "basic".
From the source code in httpauthentication.cpp, I guess that the lib was not complied with HAVE_LIBGSSAPI directive.
SLES 11 SP2 works, OpenSuSE 12.2 not -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c1 Karsten Kuenne <kuenne@rentec.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kuenne@rentec.com --- Comment #1 from Karsten Kuenne <kuenne@rentec.com> 2013-08-29 14:31:04 UTC --- Is there anybody working on this? We're seriously affected by this bug because our internal web authentication scheme is "Negotiate". This bug renders konqueror useless for us. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c2 Hrvoje Senjan <hrvoje.senjan@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |hrvoje.senjan@gmail.com Resolution| |UPSTREAM --- Comment #2 from Hrvoje Senjan <hrvoje.senjan@gmail.com> 2013-08-31 20:59:59 UTC --- (In reply to comment #0)
From the source code in httpauthentication.cpp, I guess that the lib was not complied with HAVE_LIBGSSAPI directive.
Which lib? kio_http is compiled against libgssapi_krb5 so
Is there anybody working on this?
(In reply to comment #1) Honestly - no. Such reports belong to bugs.kde.org. Sorry for slow/no responce though, somehow this mail got in my spam folder. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c3 Hrvoje Senjan <hrvoje.senjan@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|UPSTREAM | --- Comment #3 from Hrvoje Senjan <hrvoje.senjan@gmail.com> 2013-09-01 01:32:17 UTC --- I apologize, i now realized report is against 12.2. Issued a maintance request. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c4 --- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-09-01 04:00:11 CEST --- This is an autogenerated message for OBS integration: This bug (809859) was mentioned in https://build.opensuse.org/request/show/196993 12.2 / kdelibs4 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-09-01 04:00:30 CEST --- This is an autogenerated message for OBS integration: This bug (809859) was mentioned in https://build.opensuse.org/request/show/196991 Maintenance / https://build.opensuse.org/request/show/196992 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c6 --- Comment #6 from Karsten Kuenne <kuenne@rentec.com> 2013-09-01 18:37:34 UTC --- (In reply to comment #2)
(In reply to comment #0)
From the source code in httpauthentication.cpp, I guess that the lib was not complied with HAVE_LIBGSSAPI directive.
Which lib? kio_http is compiled against libgssapi_krb5 so
Is there anybody working on this?
(In reply to comment #1) Honestly - no. Such reports belong to bugs.kde.org. Sorry for slow/no responce though, somehow this mail got in my spam folder.
In openSUSE 12.2 it's apparently not linked against libgssapi_krb5 or any krb5 libraries: ldd /usr/lib64/kde4/kio_http.so| grep gss ldd /usr/lib64/kde4/kio_http.so| grep krb5 come up empty. I just confirmed that recompling kdelibs4 on a system which has krb5-devel installed correctly detects it and links kio_http against Kerberos libraries and "negotiate" authentication works. So, the fix should be easy, just make sure you have krb5-devel libraries installed on the build system for kdelibs4. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c7 Benjamin Brunner <bbrunner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #7 from Benjamin Brunner <bbrunner@suse.com> 2013-09-09 13:07:00 CEST --- Update released for openSUSE 12.2. Resolved fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809859 https://bugzilla.novell.com/show_bug.cgi?id=809859#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2013-09-09 12:08:51 UTC --- openSUSE-RU-2013:1418-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 809859 CVE References: Sources used: openSUSE 12.2 (src): kdelibs4-4.8.5-2.32.1, kdelibs4-apidocs-4.8.5-2.32.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com