[openFATE 305546] Support for NTLM authentication (proxy) in YaST and libzypp
Feature changed by: Michael Calmer (mcalmer) Feature #305546, revision 15 Title: Support for NTLM authentication (proxy) in YaST and libzypp openSUSE-11.2: Rejected by Christoph Thiel (cthiel1) reject date: 2009-07-16 18:02:44 reject reason: out of context for openSUSE. Priority Requester: Desirable Projectmanager: Desirable openSUSE-11.3: New Priority Requester: Desirable Requested by: Katarina Machalkova (kmachalkova) Partner organization: openSUSE.org Description: YaST and libzypp should work in an environment with proxy server requiring NTLM authentication. The feature consists of two parts: 1) YaST proxy module has to provide UI to let user choose NTLM and write configuration file (/root/.curlrc) accordingly 2) libzypp media backend needs to be adapted to read and understand such configuration( that is, accept also --proxy-ntlm option instead of bare --proxy only) References: https://bugzilla.novell.com/show_bug.cgi?id=440296 https://bugzilla.novell.com/show_bug.cgi?id=412137 Business case (Partner benefit): openSUSE.org: Significant for adoption in mixed datacenters where the proxy infrastruture is on MSFT assets. Discussion: #1: Federico Lucifredi (flucifredi) (2009-01-26 20:57:23) Sadly, there is a realistic business case for this in mixed datacenters. Some odd people like to use NTLM proxies, I will never understand why. this will be a headache to do :-/ #2: Mark Muhlestein (mmuhlestein) (2010-01-13 18:10:39) Many of the engineers at Dell Computer in Austin want to use openSUSE 11.2 on their desktop machines. Dell uses a NTLM proxy on their corporate network so a lack of this functionality is keeping them from doing so. This group of engineers are very loyal SUSE/Novell folks who are trying very hard to help a SUSE desktop make inroads into Dell's corporate environment. Current number of engineers who cannot use the product is 50 - 60 On a side note, they see this a glaring problem. I don't know how many corporations use NTLM proxies but the gents at Dell seem to think it is quite a lot. #3: Katarina Machalkova (kmachalkova) (2010-01-14 15:03:36) I was wondering whether aria2c can handle NTLM auth. curl certainly does, but it's not our default downloader anymore. I googled a bit and found this table (http://curl.haxx.se/docs/comparison-table.html) and it doesn't look too positive :( #4: Duncan Mac-Vicar (dmacvicar) (2010-01-14 16:51:17) Because we are now using aria2 (however ZYpp stll can fall back to curl) I asked aria2 author if he planned something in the direction. He does not, however he will look into the protocol. The problem, appart of the time, is that he does not have a server to test. He pointed me to http://ntlmaps.sourceforge.net/ which allows to authenticate against a NTLM server acting as a normal proxy server. I have never tested this, but I wonder if companies really need support for this protocol in the tooling. + #5: Michael Calmer (mcalmer) (2010-01-14 16:57:35) (reply to #4) + I would say yes. I see sometimes logs from the registration where is a + proxy is in use with NTLM authentication. I think this is some kind of + Windows Server which is doing the authentication and automatically + support NTLM. If possible, we should have a way to support this. -- openSUSE Feature: https://features.opensuse.org/305546
participants (1)
-
fate_noreply@suse.de