> Is there any way we can fix it, or could we just disable ntlm until > 835869 is fixed?
This is not (directly) related to NTLM. Curl prefers GSSNEGOTIATE over NTLM and BASIC, so decides to try that first. If it can't find a ticket in /tmp, it fails as though the authentication has been attempted and has failed (or retries the request without any auth header added, depending on curl version). - self.curl_obj.setopt(pycurl.PROXYAUTH, pycurl.HTTPAUTH_ANY) + self.curl_obj.setopt(pycurl.PROXYAUTH, pycurl.HTTPAUTH_ANY-pycurl.HTTPAUTH_GSSNEGOTIATE) This is reported to fix the problem, and NTLM is still supported, but: 1) no way to ever use kerberos 2) no way to enable only one auth scheme and save the 1st request 3) can't disable BASIC (security) I'm okay with both solutions (proxy_auth env var, or disabling kerberos the hard way). 3rd option is adding an urlgrabber + yum option to yum.conf, but that feels an overkill to me. > > Enabling >1 schemes results in small extra overhead > > I assume small here means "not really measurable"? One extra HTTP request/response, but that's on LAN, no big deal. It might still be desirable to be able to enable BASIC only, because a broken proxy might return wrong or no 407 replies. > (Eg. yum works, except yum-cron doesn't ... and repoquery > also doesn't work). Can imagine that.. _______________________________________________ Yum-devel mailing list [email protected] http://lists.baseurl.org/mailman/listinfo/yum-devel
