Re: [Ltib] ppp wget authentication

[Mike Goins]

On Fri, Aug 24, 2012 at 3:59 AM, Stuart Hughes <address@hidden> wrote:
> Hi Mike,
>
> On the authentication stuff, it depends what you mean.  If you want to
> restrict access you could do this on the server side and use Apache "allow
> from" clauses, another mechanism would be to use one of the HTTP auth
> methods, basic (which is almost useless) or md5, which isn't bad.  The other
> thing you could do is to use a server side script.  For example, the LTIB
> GPP access is intercepted by mod_rewrite and a script is run, this is used
> to limit the bandwidth per hour per IP requests.  You could do something
> similar for auth.
>
> I'm a bit wary about adding any auth mechanism into LTIB, because whichever
> one is put in, it won't be the one user xyz wants, so that will get added
> and it could all get horribly out of control.  However, I've no real
> objections to adding %ppp_opts etc.  It really depends on what you intend to
> do with them.  What kind of auth mechanism did you have in mind?


I was planning to use one of the server side authentication methods
since I don't think wget provides much else.   Then use options like
--http-user= and --http-password=.  Will also use
--no-check-certificate else wget bails on self-signed certs,


> So far as WGETRC goes, this is another tricky issue.  On the one hand I
> don't really want to prevent people having some control by setting this to
> some override value that doesn't kill LTIB, on the other hand you're right
> that potentially bad values could cause it to kill ltibs wgets.

Updating the documentation may be sufficient.   Probably a good point
to bring up when some have trouble downloading from ltib.


> Regards, Stuart
>
>
> On 23/08/12 13:36, Mike Goins wrote:
>>
>> I maintain a local gpp and ppp.  I use the gpp for FOSS items and keep
>> a few vendor items in the ppp.  This allows the gpp to be publicly
>> available, but the ppp is only accessible on the company network.
>> However, I would like to put some sort of authentication on the ppp
>> and make it external facing.   This would allow moving my continuous
>> integration systems off-site.
>>
>> There doesn't appear to any method to put credentials in ltib, so I am
>> looking at a way to add. What I have come up with so far.
>>
>> Add new configs to .ltibrc to allow site specific opts:
>> %gpp_opts
>> %ppp_opts
>>
>> In get_remote_file(), since it iterates over the pp list, append these
>> options to the wget_opts.
>>
>>
>> Seem OK?  Has anyone else used or tried authentication?
>>
>>
>> Side note:   Shouldn't ltib be setting the WGETRC environment variable
>> anyway, even if to a non-existent location?   ltib uses the host built
>> /opt/ltib/usr/bin/wget, so it would seem prudent to avoid getting the
>> user's .wgetrc which may interfere with the the parameters ltib has
>> set up or add parameters that ltib "skips".
>>
>>
>