[Yum-devel] Problem with http authentication
seth vidal
skvidal at fedoraproject.org
Wed Aug 25 15:53:39 UTC 2010
On Wed, 2010-08-25 at 10:23 +0200, bugzilla.bsd at gmx.de wrote:
> Hello,
>
> I observed the following problem accessing a password protected repository with yum using a baseurl like:
> http://myuser:mypass@host.org/myfile.xml
>
> The request is rejected by the web server (Apache) with ERROR 400. The URL is unknown.
>
> After analysing this with Wireshark I found out that the credentials are added to the HTTP AUTH section in the request but still part of the GET URI string. Because a URL with encoded User:Pass is not a valid address it is rejected by the server.
>
> I checked the same with Firefox. Firefox removes the user:passw part - so it works.
>
> Further analysis shows that the responsible component is the 'urlgrabber' - version 3.9.1.
>
> Is there a way to solve this?
>
> My setup:
> YUM: 3.2.28 (Fedora 12.i686 - Kernel 2.6.32.16-150)
> Python: 2.6.2
> urlgrabber : 3.9.1
Can you list the specific version and release of urlgrabber?
rpm -q urlgrabber
> Tools like curl or wget suffer the same problem if the credentials are part of the URL. You need to pass those via extra parameters and remove them from the URL - then it works with them.
Does your username/password contain characters like : or @? If so - then
you can escape them by using the url escaping of them.
-sv
More information about the Yum-devel
mailing list