On Wed, Aug 11, 2004 at 01:24:44PM -0400, Paul Pianta wrote:
> I need a system that will authenticate clients against a custom
> repository. Depending on their key - they can access (or not) a base
> repo, and several other 'optional' repos - ie. packages that they have
> the right to download on top of the base packages. I thought about
> blocking access to repos with .htaccess but it would be painful to
> maintain the .htaccess files for many clients (and anyway I think yum
> would exit on authentication failure).
I'm not sure I understand what you mean, but here goes anyway. As
far as yum is concerned, http and ftp are equivalent. All the
differences are hidden from yum proper and dealt with in urlgrabber
and urllib2 (and lower, in ftplib and httplib, obviously). I suspect
the primary difference as far as you're concerned is speed and how the
authentication is done.
If you just mean that managing server authentication is easier for ftp
than http, then fine. However, yum should respond to failed auth the
same way for both http and ftp. One "trick" you could pull to ignore
auth failures and not use a repo is this:
1) create an empty repo (run yum-arch on an empty directory
2) in your yum conf, in a single repo section, specify two baseurls
for failover. The first is your authed repo, and the second is
the public empty repo.
3) set the failover policy to priority
When yum hits the first one and fails, it will move onto the second
one, which is a legitimate repo... it just doesn't have any packages.
Now, I don't claim this is a pretty solution, but it would probably
work :) Note that it may have wacky side effects if your real repo
can't be reached for some OTHER reason.
-Michael
--
Michael D. Stenner mstenner@xxxxxxxxxxxxxxx
ECE Department, the University of Arizona 520-626-1619
1230 E. Speedway Blvd., Tucson, AZ 85721-0104 ECE 524G
