Feature changed by: Duncan Mac-Vicar (dmacvicar) Feature #305546, revision 14 Title: Support for NTLM authentication (proxy) in YaST and libzypp openSUSE-11.2: Rejected by Christoph Thiel (cthiel1) reject date: 2009-07-16 18:02:44 reject reason: out of context for openSUSE. Priority Requester: Desirable Projectmanager: Desirable openSUSE-11.3: New Priority Requester: Desirable Requested by: Katarina Machalkova (kmachalkova) Partner organization: openSUSE.org Description: YaST and libzypp should work in an environment with proxy server requiring NTLM authentication. The feature consists of two parts: 1) YaST proxy module has to provide UI to let user choose NTLM and write configuration file (/root/.curlrc) accordingly 2) libzypp media backend needs to be adapted to read and understand such configuration( that is, accept also --proxy-ntlm option instead of bare --proxy only) References: https://bugzilla.novell.com/show_bug.cgi?id=440296 https://bugzilla.novell.com/show_bug.cgi?id=412137 Business case (Partner benefit): openSUSE.org: Significant for adoption in mixed datacenters where the proxy infrastruture is on MSFT assets. Discussion: #1: Federico Lucifredi (flucifredi) (2009-01-26 20:57:23) Sadly, there is a realistic business case for this in mixed datacenters. Some odd people like to use NTLM proxies, I will never understand why. this will be a headache to do :-/ #2: Mark Muhlestein (mmuhlestein) (2010-01-13 18:10:39) Many of the engineers at Dell Computer in Austin want to use openSUSE 11.2 on their desktop machines. Dell uses a NTLM proxy on their corporate network so a lack of this functionality is keeping them from doing so. This group of engineers are very loyal SUSE/Novell folks who are trying very hard to help a SUSE desktop make inroads into Dell's corporate environment. Current number of engineers who cannot use the product is 50 - 60 On a side note, they see this a glaring problem. I don't know how many corporations use NTLM proxies but the gents at Dell seem to think it is quite a lot. #3: Katarina Machalkova (kmachalkova) (2010-01-14 15:03:36) I was wondering whether aria2c can handle NTLM auth. curl certainly does, but it's not our default downloader anymore. I googled a bit and found this table (http://curl.haxx.se/docs/comparison-table.html) and it doesn't look too positive :( + #4: Duncan Mac-Vicar (dmacvicar) (2010-01-14 16:51:17) + Because we are now using aria2 (however ZYpp stll can fall back to + curl) I asked aria2 author if he planned something in the direction. + He does not, however he will look into the protocol. The problem, + appart of the time, is that he does not have a server to test. + He pointed me to http://ntlmaps.sourceforge.net/ which allows to + authenticate against a NTLM server acting as a normal proxy server. I + have never tested this, but I wonder if companies really need support + for this protocol in the tooling. -- openSUSE Feature: https://features.opensuse.org/305546